Card API

Methods to control cards

Capture Cards operations

Capture Card from 3rd party API

This method can be used to send a request to a 3rd party service (eg. OTA or CM) and extract the credit card information from the response (e.g. Booking with card details inside).

Request
Request
POST https://pci.channex.io/api/v1/capture?api_key={YOUR_API_KEY}&method={HTTP_METHOD}&url={TARGET_URL}&profile={TOKENIZATION_PROFILE}

Arguments

Argument

Description

method

HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch head, options

url

Valid URL of Target Endpoint, should use https protocol

profile

Tokenization profile what should be applied to extract Credit Card data from Response

Any provided Headers or Content Body will be provided to Target endpoint without any changes.

Method will return answer from Target Endpoint. Credit Card data will be masked based at Tokenization Profile settings.

Credit card token can be returned at Header X-PCI-CHANNEX-TOKENS or inside specific node at response body.

Please, read more about Tokenization Profiles.

Capture Card Form

To get Credit Card information from your Guests, you can use Capture Card Embedded Form.

This method return HTML Page what you can embed into your application to collect Card information from clients.

Request
Request
GET https://pci.channex.io/api/v1/capture_form?session_token={SESSION_TOKEN}

To generate the Card Capture Form you should generate a Session Token with scope card.

You can find out more information about Capture Card Form here.

Save Card at Storage

Sometimes you would like to save a Card directly with Channex PCI. To do that, you can use this method.

Request
Success Response
Request
POST https://pci.channex.io/api/v1/cards?API_KEY={YOUR_API_KEY}
{
"card": {
"card_number": "4111111111111111",
"card_type": "visa",
"cardholder_name": "JOHN DOE",
"service_code": "123",
"expiration_month": "12",
"expiration_year": "2021"
}
}
Success Response
{
"data": {
"id": "2f97cef45086488fa823ba3c014a3bc1",
"type": "card",
"attributes": {
"card_number": "411111******1111",
"card_type": "visa",
"cardholder_name": "JHON DOE",
"service_code": "***",
"expiration_month": "12",
"expiration_year": "2021",
"card_token": "2f97cef45086488fa823ba3c014a3bc1"
}
}
}

Method will return success response with code 200 OK. Response will contain credit card info with masked fields and card_token which can be used for another operations with cards.

This is useful if you wish to move cards from another PCI Service to Channex.

Card operations

Send Card

To send card to a 3rd party service (e.g. Payment Gateway), you can use the the Send Card method:

Request
Request
POST https://pci.channex.io/api/v1/cards/{card_token}/send?api_key={YOUR_API_KEY}&method={HTTP_METHOD}&url={TARGET_ENDPOINT}
{
"card": {
"card_number": "%CARD_NUMBER%",
"cardholder_name": "%CARDHOLDER_NAME%",
"service_code": "%SERVICE_CODE%",
"expiration_month": "%EXPIRATION_MM%",
"expiration_year": "%EXPIRATION_YYYY%"
}
}

Arguments

Argument

Descriotion

card_token

Credit Card token at Channex

method

HTTP Method to send request to target endpoint. One of: get, post, put, delete, patch, head, options

url

Valid URL of Target Endpoint, should use https protocol

Query Body is optional and depends to Target Endpoint API. Basically, it should contain structure expected by Target Endpoint. To insert real card data into request you can use Drop Ins.

Method with return response from Target Endpoint.

Authorize Card

By PCI DSS rules, we should remove Service Code immediately after the card is Authorized. Some operations at our API call this action automatically. But, because you can catch some problems with Send Card method (3rd party service provide error response), we do not remove Service Code automatically after using the Send Card Method. If your application successfully sent the card info to the 3rd party service, please call Authorize Card method.

Please use this method to remove the service code once you have successfully sent the card to the payment gateway. This is an important part of PCI-DSS.

Request
Success Response
Request
POST https://pci.channex.io/api/v1/cards/{card_token}/auth?api_key={YOUR_API_KEY}
Success Response
Status: 204 No Content

Remove Card from Storage

If card is not longer required for your business processes, you should remove it from storage by calling this method:

Request
Success Response
Request
DELETE https://pci.channex.io/api/v1/cards/{card_token}?api_key={YOUR_API_KEY}
Success Response
Status: 204 No Content

Show Card Form

To implement the ability to Show Card at your application you can use method Show Card. This method will return HTML Page with credit card information that you can insert into your application.

GET https://pci.channex.io/api/v1/show_card?card_token={CARD_TOKEN}&session_token={SESSION_TOKEN}&service_code_token={SERVICE_CODE_TOKEN}

Arguments

Argument

Description

card_token

Card token at Channex.PCI

session_token

One-off Session token with scope card

service_code_token

One-off Session token with scope service_code to show Card Service Code

By default, Channex PCI will return a HTML page where user can see Card Number, Expiration Date, Card Type and Cardholder Name, but Service Code (CVV, CVC) will be hidden. To be able to see Service code, you should provide the service_code_token which will be used to request Service Code.

Service Code will be hidden by a button, by clicking this button the user will load Service Code and it will be immediately removed from Storage.

Our iframe to show card information makes the user click to see the service code (CVV/CVC). This is helpful because once it is viewed it must be deleted.