Skip to main content
This workflow covers tokenizing a card from any source and giving a hotel access to view the card details. Use this when you already have a token (or are tokenizing from a third-party source like an OTA or channel manager) and need to share it with a hotel. If you need to capture the card directly from the cardholder first, see Collect a Guest’s Card and Share with a Hotel instead.

Step 1: Tokenize the Card

Capture and tokenize the card using any of PCI Booking’s methods: The result is a card token (a URI pointing to the stored card details in PCI Booking).

Step 2: Send the Card to the Hotel

How you deliver the card to the hotel depends on your integration approach: Send the hotel contact a secure link. PCI Booking handles identity verification and card display. No portal setup or user accounts needed on the hotel’s side.
  1. Call the Card Display OTP endpoint with the card token, the hotel contact’s email, phone number, and name.
  2. PCI Booking sends an email with a secure link.
  3. The hotel contact clicks the link and verifies their identity via SMS code.
  4. Card details are displayed on PCI Booking’s hosted page.
See Card Display with OTP for full details.

Option B: Card Display (iframe in your portal)

If you operate your own portal where hotels can log in, display the card details in a secure iframe embedded in your system.
  • Generate a Card Display Form link for the token.
  • Embed the iframe in your portal. The card details render inside PCI Booking’s secure domain, so card data never touches your servers.
See Card Display for setup details.

Option C: Token Replacement

Send the card details directly to the hotel’s API using Token Replacement.
  • Build an API request to the hotel’s system containing the card token.
  • PCI Booking replaces the token with real card data in transit.
  • The hotel receives the card details without you ever handling them.