Adding a new card via API and PCI compliance

Hi everyone,

There might be something I am missing here, but here is what I understand:

If I want to add a card, I see in the API description here that I have to send the card number with my credentials in the headers (company_id + auth_token).

If I do that on our server's side, I have to have the customer credit card details hit our server and I am not allowed to do that, because we are not PCI compliant (and we do not plan to be!).
The other solution would be to do this from the client's side but I would then be giving away my Zoho credentials. Anyone would then be able to remove all customers from my Zoho account for example.

How then is this part of the API useful? Is it designed to only be used by PCI compliant merchants?

If I am correct on the above, I think it would be very helpful to have an encryption/token system (like Stripe does for example) to still be able to use this API while not having to go to the trouble of the PCI certification.

Best regards,
Mathieu