> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# Token Replacement (API)

> Replace tokens with real card data in outbound API calls to payment gateways. PCI Booking proxies the request securely.

The [Retrieve Card Details](/api-reference/manage-tokens/retrieve-card-details) endpoint returns the **full, unmasked card number** directly in the API response. If the `retrieveCvv` parameter is set, it also returns the CVV.

Unlike [Token Replacement in Request](/use-tokens/token-replacement-in-request) or the [Universal Payment Gateway](/use-tokens/universal-payment-gateway), this method delivers raw card data to your system rather than routing it directly to a third party.

<Warning>
  Using this endpoint means your system receives raw card data in the API response. This puts your system, network, and all connected components in scope of PCI DSS compliance.

  We strongly recommend:

  * **Do not use this endpoint in production.** Use it only in your sandbox environment with test card data to verify that card details were stored correctly.
  * If you have a legitimate production need to retrieve full card details, consult with your PCI QSA before implementing. Consider using [Card Display](/use-tokens/card-display) instead, which renders card details in a secure iframe without exposing raw data to your systems.
</Warning>

## How It Differs from Token Replacement in Request

PCI Booking offers two distinct "token replacement" concepts. Understanding the difference is important:

|                       | This Endpoint (Retrieve Card Details)       | Token Replacement in Request                                    |
| --------------------- | ------------------------------------------- | --------------------------------------------------------------- |
| **Direction**         | Card data is returned to your system        | Card data is injected into an outbound request to a third party |
| **PCI scope**         | Your system is in PCI DSS scope             | Your system stays out of scope                                  |
| **Use case**          | Sandbox testing, PCI-compliant environments | Production payment processing, partner integrations             |
| **Supported formats** | API response only                           | JSON, XML/SOAP, form-encoded, query string                      |

For production use, [Token Replacement in Request](/use-tokens/token-replacement-in-request) is the recommended approach. PCI Booking acts as a proxy, replacing tokens with real card data in the outbound request body and forwarding it to the destination. Your systems never see the real card details.

## When to Use This Endpoint

* **Sandbox verification.** Confirm that card data was stored correctly during integration development.
* **PCI-compliant environments.** If your system is already fully PCI DSS compliant and you need raw card data for a workflow that cannot use proxy-based token replacement.
* **Migration validation.** After migrating cards from another vault, verify that the data was transferred accurately.

## Recommended Alternatives

For most production scenarios, use one of these methods instead:

* **[Token Replacement in Request](/use-tokens/token-replacement-in-request)** to inject card data into outbound API calls to any HTTP endpoint
* **[Universal Payment Gateway](/use-tokens/universal-payment-gateway)** to process payments through supported PSPs with built-in formatting
* **[Card Display](/use-tokens/card-display)** to show card details to authorized users via a secure iframe

## Next Steps

<CardGroup cols={2}>
  <Card title="Card Display" icon="book" href="/use-tokens/card-display">
    View card details in a secure iframe without handling raw data.
  </Card>

  <Card title="Token Replacement in Request" icon="book" href="/use-tokens/token-replacement-in-request">
    Inject card data into outbound requests without PCI scope.
  </Card>

  <Card title="Use Tokens Overview" icon="book" href="/use-tokens/overview">
    All ways to use your tokens.
  </Card>
</CardGroup>
