Does it need PCI DSS authentication to use API completely
The term of the requirement used for the API-only approach is PCI Certification. You can use the Iframe to process the card into an encrypted token, and do the rest with the API. That way you will only need to be compliant and not necessarily certified.
Have a look at this article ( Not affiliated ) describing the difference between certification and compliance.
3 People are following this question.