Card API

Methods to control cards

Capture Cards operations

Capture Card from 3rd party API

This method can be used to send a request to a 3rd party service (eg. OTA or CM) and extract the credit card information from the response (e.g. Booking with card details inside).





HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch head, options


Encoded URL of Target Endpoint, should use https protocol


Tokenization profile what should be applied to extract Credit Card data from Response

Any provided Headers or Content Body will be provided to Target endpoint without any changes.

Method will return answer from Target Endpoint. Credit Card data will be masked based at Tokenization Profile settings.

Credit card token can be returned at Header X-PCI-CHANNEX-TOKENS or inside specific node at response body.

Please, read more about Tokenization Profiles.

Capture Card Form

To get Credit Card information from your Guests, you can use Capture Card Embedded Form.

This method return HTML Page what you can embed into your application to collect Card information from clients.


To generate the Card Capture Form you should generate a Session Token with scope card.

You can find out more information about Capture Card Form here.

Save Card at Storage

Sometimes you would like to save a Card directly with Channex PCI. To do that, you can use this method.


  "card": {
    "card_number": "4111111111111111",
    "card_type": "visa",
    "cardholder_name": "JOHN DOE",
    "service_code": "123",
    "expiration_month": "12",
    "expiration_year": "2021"

Method will return success response with code 200 OK. Response will contain credit card info with masked fields and card_token which can be used for another operations with cards.

This is useful if you wish to move cards from another PCI Service to Channex.

Card operations

Send Card

To send card to a 3rd party service (e.g. Payment Gateway), you can use the the Send Card method:


  "card": {
    "card_number": "%CARD_NUMBER%",
    "cardholder_name": "%CARDHOLDER_NAME%",
    "service_code": "%SERVICE_CODE%",
    "expiration_month": "%EXPIRATION_MM%",
    "expiration_year": "%EXPIRATION_YYYY%"





Credit Card token at Channex


HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch, head, options


Encoded URL of Target Endpoint, should use https protocol

Query Body is optional and depends to Target Endpoint API. Basically, it should contain structure expected by Target Endpoint. To insert real card data into request you can use Drop Ins.

Method with return response from Target Endpoint.

Authorize Card

By PCI DSS rules, we should remove Service Code immediately after the card is Authorized. Some operations at our API call this action automatically. But, because you can catch some problems with Send Card method (3rd party service provide error response), we do not remove Service Code automatically after using the Send Card Method. If your application successfully sent the card info to the 3rd party service, please call Authorize Card method.

Please use this method to remove the service code once you have successfully sent the card to the payment gateway. This is an important part of PCI-DSS.


Remove Card from Storage

If card is not longer required for your business processes, you should remove it from storage by calling this method:


Show Card Form

To implement the ability to Show Card at your application you can use method Show Card. This method will return HTML Page with credit card information that you can insert into your application.





Card token at Channex.PCI


One-off Session token with scope show_card


One-off Session token with scope show_service_code to show Card Service Code

By default, Channex PCI will return a HTML page where user can see Card Number, Expiration Date, Card Type and Cardholder Name, but Service Code (CVV, CVC) will be hidden. To be able to see Service code, you should provide the service_code_token which will be used to request Service Code.

Service Code will be hidden by a button, by clicking this button the user will load Service Code and it will be immediately removed from Storage.

Our iframe to show card information makes the user click to see the service code (CVV/CVC). This is helpful because once it is viewed it must be deleted.

Last updated