> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Charge a Card and Save It for Future Payments

> Collect a guest's card, process the payment, and securely store a token for repeat charges, all in one PCI-compliant flow. Works with any PSP through PCI Booking.

This workflow covers the full lifecycle of a guest's card: capturing it on first visit, charging it, and storing a PCI DSS compliant token for future use. By tokenizing at capture time, you can process recurring payments and send card details to a property management system (PMS) without ever handling raw card data.

## Capture and charge a new customer's card

When a new customer arrives (or a returning customer provides a new card), use the Payments Library to handle card capture, payment, and tokenization in a single flow. The Payments Library renders a secure card form inside your checkout page, processes the payment through your PSP, and returns a token, all without card data touching your servers.

### Step 1: Set Up the Payments Library

Integrate the Payments Library into your web or mobile application. The library handles the card form UI, payment processing, and tokenization. You can render the card form in popup mode (opens a modal overlay) or iframe mode (embeds directly in your page layout). Both modes keep card data inside PCI Booking's secure environment.

* [Payments Library Setup Guide](/payments-library/setup). How to embed and configure the library.
* [Supported Payment Methods](/payments-library/supported-methods). Available payment methods (card, Apple Pay, Google Pay, etc.).

### Step 2: Initiate a Charge and Tokenize Session

Your backend calls the PCI Booking API to create a session with the `CHARGE_AND_TOKENIZE` operation type. This session specifies the PSP credentials, charge amount, and currency. PCI Booking returns a signed session token (JWS) that your frontend passes to the Payments Library. The session token is single-use and expires after a short period, so it must be created fresh for each transaction.

* [Create Session API Reference](/api-reference/payments-library/create-session). Use the `CHARGE_AND_TOKENIZE` operation type.

### Step 3: Customer completes the payment

The Payments Library displays the card form (or digital wallet buttons for Apple Pay, Google Pay, etc.) to the customer. The customer enters their card details or selects a wallet. The library sends the card data directly to PCI Booking, which charges the card through your configured PSP and tokenizes the card in one step. Your frontend receives a callback with the transaction result and the token.

### Step 4: Store the Token

Once the Payments Library completes processing, PCI Booking returns the token (a `cardURI`). Store this token in the customer's profile in your system for future use. The token is safe to store in any database since it contains no actual card data. You can query the token later to retrieve metadata such as the masked card number, brand, and expiry date without accessing the real card number.

## Charge a returning customer's stored card

When a returning customer makes a new reservation and wants to use their stored card, charge it directly through the API using the token you stored earlier. There is no need to recapture the card or present a payment form.

### Step 1: Send a Charge Request

Use the [Universal Payment Gateway](/use-tokens/universal-payment-gateway) to send a charge request to the selected PSP using the stored token. Pass the `cardURI` token, amount, currency, and your PSP credentials. PCI Booking retrieves the real card data from its vault and submits the charge to the PSP on your behalf.

* [Charge Guide](/use-tokens/charge). How to charge a card through a supported PSP.
* [Process Transaction API Reference](/api-reference/process-cards/process-transaction). API details for submitting a charge with a stored token.

### Step 2: Handle the Response

PCI Booking returns the PSP's response, including approval status, transaction reference, and any error codes. Store the transaction reference for later use if you need to process a [refund or void](/use-tokens/refunds-voids). If the charge fails (for example, due to insufficient funds or an expired card), the token remains valid and you can retry or prompt the customer to provide a new card.

### Handling Expired Cards

If a returning customer's card has expired since their last visit, you do not need to collect the full card number again. Use the [Update Expired Card](/use-cases/update-expired-card) flow to refresh the token with a new expiration date or new card details while preserving the existing token reference in your system.

## Sending Card Details to a PMS

When you need to send card details to a Property Management System (PMS), use Token Replacement to inject the real card data into an outgoing API request to the PMS. The card data never passes through your servers.

* [Token Replacement Guide](/use-tokens/token-replacement-in-request). How token replacement works for outgoing requests.
* [Token Replacement API Reference](/api-reference/process-cards/token-replacement). API details for token replacement requests.

## Related

* [Payments Library Overview](/payments-library/overview). Full overview of the Payments Library and its capabilities.
* [Universal Payment Gateway](/use-tokens/universal-payment-gateway). Alternative way to process payments through supported gateways.
* [Refunds and Voids](/use-tokens/refunds-voids). Reverse or refund a processed transaction.
* [Collect and Process a Payment](/use-cases/capture-and-charge). Just need to charge without storing? See this guide.
* [Update an Expired Card Token](/use-cases/update-expired-card). Card expired? Update the token without re-collecting the full card number.
