I am trying to determine a PCI compliant way to pass on a Credit Card number to the payment API. One of the most obvious ways I can think of is to create a local variable to accept the CC# from the user, pass on to the API and then destroy the variable.
After that, I will store the tokenized information for that customer, which does not have PCI burden. My hosting is SSL and PCI Compliant.
Any suggestions on what is a safe way to "accept" the CC# in order to "transmit" it on to the API? (PS: A gateway like Braintree or stripe is not a solution for me...due to a multitude of reasons which are probably better suited for a discussion only post later!)
If that credit card information ever hits your system you fall within PCI scope. You would need to use a form which submits directly to the payment gateway to avoid falling within PCI scope.
Authorize.Net offers a few examples of this including SIM, Direct Post Method, Accept Hosted, and Accept.js. You will need to check to see if the payment gateway you are using offers similar functionality.