# Subscription Creation Endpoints

## Overview

When creating a subscription, there are two distinct methods based on the merchant's PCI compliance:

* **Non-PCI Merchants**: These merchants cannot handle card details directly. They receive a redirect link to provide users, which leads them to a secure page where payment information can be safely entered and processed without exposing sensitive data.\
  This integration flow: [OneShot Subscription Creation](https://docs.pandablue.com/api-documentation/subscriptions-api/broken-reference).
* **PCI Compliant Merchants**: These merchants are authorized to handle card details directly. They can securely send card information to initiate and manage subscriptions, adhering to stringent PCI DSS standards.\
  This integration flow: [PCI Subscription Creation.](https://docs.pandablue.com/api-documentation/subscriptions-api/broken-reference)

### Important Notes

1. **PCI Compliance**: To use the PCI flow, merchants must provide valid PCI AOC compliance documentation and be approved by our integration team.
2. **Webhook Integration**: For optimal integration, implement webhook handling to receive real-time updates about subscription status changes.