Subject: Blackbaud SKY API Tokenization with CSC handling for Recurring Payments

Anna Silvester

We're implementing a card tokenization solution using Blackbaud SKY API for a client with "Full" CSC security settings. We need guidance on the proper workflow for handling recurring payments in this scenario.

Current Understanding:

Successfully tokenizing card data via the API
Client requires both token AND CSC for setting up recurring payments due to "Full" CSC security setting
No obvious way in the API to associate CSC with token (as expected per PCI compliance)

Specific Questions:

What is the recommended workflow for handling recurring payments when CSC verification is set to "Full"?
Is there an approved method for the initial authorization that allows subsequent recurring charges without re-transmitting the CSC?
Are there specific headers, parameters, or alternate endpoints we should be using for this scenario?

We've thoroughly reviewed the documentation but suspect there might be implementation details known to experienced Blackbaud developers that would help us create a secure, PCI-compliant solution that meets our client's requirements.
Any guidance from those who have successfully implemented similar solutions would be greatly appreciated.
Environment:

Blackbaud SKY API (version current)
Implementation language: [typescript]
Client security settings: CSC verification set to "Full"