Choosing the Right Approach
The best method depends on whether you need only the new expiration date or also the new CVV.- Expiration Only
- Expiration + CVV
- Full Re-capture
Use the API to update the expiration date directly. This is the simplest approach and does not require any interaction with the cardholder.Best for: Situations where CVV is not required for charges (e.g., merchant-initiated transactions, recurring billing without CVV).
Simple Case: Update Expiration Only
If you only store card number and expiration (no CVV), use the Update Expiration API to submit the new month and year. The existing token is updated in place. No cardholder interaction is required.Full Case: Update Expiration and CVV
If you also need the new CVV, follow this workflow:- Update the expiration date. Call Update Expiration with the new month and year.
- Send a CVV capture link. Use CVV Capture (via Card By Link) to send the cardholder a link to enter their new CVV.
- Cardholder enters CVV. The cardholder receives the link and enters the new security code.
- PCI Booking creates a new token. A full copy of the original card details is created with the captured CVV attached. You receive the new token in a callback.
- Set CVV retention policy. If needed, configure a CVV Retention Policy for the new token.
- Delete the old token. Call Delete Token to remove the old entry.
- Update your database. Replace the old token with the new one in your system.
If you use network tokenization, card networks (Visa, Mastercard) can automatically update card details when a replacement card is issued. This eliminates the need for manual updates in many cases. Contact support@pcibooking.net to learn more about network token lifecycle management.
Related
- Update Expiration. API reference for updating expiration date.
- CVV Capture. Send a CVV-only capture link to the cardholder.
- CVV Retention Policy. Control how long CVV data is stored.
- Charge and Save for Future Payments. See the full card lifecycle from initial capture to stored token.

