Channex.io
Search…
Card API
Methods to control cards

Capture Cards operations

Capture Card from 3rd party API

This method can be used to send a request to a 3rd party service (eg. OTA or CM) and extract the credit card information from the response (e.g. Booking with card details inside).
Request
1
POST https://pci.channex.io/api/v1/capture?api_key={YOUR_API_KEY}&method={HTTP_METHOD}&url={TARGET_URL}&profile={TOKENIZATION_PROFILE}
Copied!
Arguments
Argument
Description
method
HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch head, options
url
Encoded URL of Target Endpoint, should use https protocol
profile
Tokenization profile what should be applied to extract Credit Card data from Response
Any provided Headers or Content Body will be provided to Target endpoint without any changes.
Method will return answer from Target Endpoint. Credit Card data will be masked based at Tokenization Profile settings.
Credit card token can be returned at Header X-PCI-CHANNEX-TOKENS or inside specific node at response body.
Please, read more about Tokenization Profiles.

Capture Card Form

To get Credit Card information from your Guests, you can use Capture Card Embedded Form.
This method return HTML Page what you can embed into your application to collect Card information from clients.
Request
1
GET https://pci.channex.io/api/v1/capture_form?session_token={SESSION_TOKEN}
Copied!
To generate the Card Capture Form you should generate a Session Token with scope card.
You can find out more information about Capture Card Form here.

Save Card at Storage

Sometimes you would like to save a Card directly with Channex PCI. To do that, you can use this method.
Request
Success Response
1
POST https://pci.channex.io/api/v1/cards?api_key={YOUR_API_KEY}
2
3
{
4
"card": {
5
"card_number": "4111111111111111",
6
"card_type": "visa",
7
"cardholder_name": "JOHN DOE",
8
"service_code": "123",
9
"expiration_month": "12",
10
"expiration_year": "2021"
11
}
12
}
Copied!
1
{
2
"data": {
3
"id": "2f97cef45086488fa823ba3c014a3bc1",
4
"type": "card",
5
"attributes": {
6
"card_number": "411111******1111",
7
"card_type": "visa",
8
"cardholder_name": "JHON DOE",
9
"service_code": "***",
10
"expiration_month": "12",
11
"expiration_year": "2021",
12
"card_token": "2f97cef45086488fa823ba3c014a3bc1"
13
}
14
}
15
}
Copied!
Method will return success response with code 200 OK. Response will contain credit card info with masked fields and card_token which can be used for another operations with cards.
This is useful if you wish to move cards from another PCI Service to Channex.

Card operations

Send Card

To send card to a 3rd party service (e.g. Payment Gateway), you can use the the Send Card method:
Request
Send card to Stripe
1
POST https://pci.channex.io/api/v1/cards/{card_token}/send?api_key={YOUR_API_KEY}&method={HTTP_METHOD}&url={TARGET_ENDPOINT}
2
3
{
4
"card": {
5
"card_number": "%CARD_NUMBER%",
6
"cardholder_name": "%CARDHOLDER_NAME%",
7
"service_code": "%SERVICE_CODE%",
8
"expiration_month": "%EXPIRATION_MM%",
9
"expiration_year": "%EXPIRATION_YYYY%"
10
}
11
}
Copied!
1
POST https://pci.channex.io/api/v1/cards/<card_token>/send?api_key=<api_key>&method=post&url=https%3A%2F%2Fapi.stripe.com%2Fv1%2Fpayment_methods
2
3
HEADERS
4
Authorization: Basic encode_base64("sk_stripe_key:<stripe_key>")
5
Content-Type: application/x-www-form-urlencoded
6
7
BODY
8
type=card&card[number]=%CARD_NUMBER%&card[exp_month]=%EXPIRATION_MM%&card[exp_year]=%EXPIRATION_YYYY%&card[cvc]=%SERVICE_CODE%
Copied!
Arguments
Argument
Descriotion
card_token
Credit Card token at Channex
method
HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch, head, options
url
Encoded URL of Target Endpoint, should use https protocol
Query Body is optional and depends to Target Endpoint API. Basically, it should contain structure expected by Target Endpoint. To insert real card data into request you can use Drop Ins.
Method with return response from Target Endpoint.

Authorize Card

By PCI DSS rules, we should remove Service Code immediately after the card is Authorized. Some operations at our API call this action automatically. But, because you can catch some problems with Send Card method (3rd party service provide error response), we do not remove Service Code automatically after using the Send Card Method. If your application successfully sent the card info to the 3rd party service, please call Authorize Card method.
Please use this method to remove the service code once you have successfully sent the card to the payment gateway. This is an important part of PCI-DSS.
Request
Success Response
1
POST https://pci.channex.io/api/v1/cards/{card_token}/auth?api_key={YOUR_API_KEY}
Copied!
1
Status: 204 No Content
Copied!

Remove Card from Storage

If card is not longer required for your business processes, you should remove it from storage by calling this method:
Request
Success Response
1
DELETE https://pci.channex.io/api/v1/cards/{card_token}?api_key={YOUR_API_KEY}
Copied!
1
Status: 204 No Content
Copied!

Show Card Form

To implement the ability to Show Card at your application you can use method Show Card. This method will return HTML Page with credit card information that you can insert into your application.
1
GET https://pci.channex.io/api/v1/show_card?card_token={CARD_TOKEN}&session_token={SESSION_TOKEN}&service_code_token={SERVICE_CODE_TOKEN}
Copied!
Arguments
Argument
Description
card_token
Card token at Channex.PCI
session_token
One-off Session token with scope card
service_code_token
One-off Session token with scope service_code to show Card Service Code
By default, Channex PCI will return a HTML page where user can see Card Number, Expiration Date, Card Type and Cardholder Name, but Service Code (CVV, CVC) will be hidden. To be able to see Service code, you should provide the service_code_token which will be used to request Service Code.
Service Code will be hidden by a button, by clicking this button the user will load Service Code and it will be immediately removed from Storage.
Our iframe to show card information makes the user click to see the service code (CVV/CVC). This is helpful because once it is viewed it must be deleted.