Required validation for PCI-DSS
- PCI DSS Compliance SAQ D available here:

To use direct API:
This feature is available for PCI DSS certified merchants only (and still for very limited certified merchants because other terms & conditions involved in this process and approvals from banks/operations etc. After fulfilling all these requirements merchant can use this)

PCI certified merchants must undergo approval from our compliance, operations, and security teams before they integrate direct API (Merchant can request to their account manager to get approval and API)

- API does not support the tokenization feature, as well as Applepay.