Filter (payloads)

Last updated 8 months ago

Simply redirect requests containing sensitive card data through PCI Proxy so that sensitive data never hits your servers. PCI Proxy automatically scans requests for sensitive card data. Located card data is instantly collected, tokenized and stored in our secure vaults in Switzerland. A reference number (token) is issued that substitutes the sensitive data in the request or response. All other headers and the rest of the payload always remain the same.

All of this happens before sensitive card data ever touches your servers, which reduces your PCI scope.

1. Add Channels

Before you can filter payloads from a remote server, you have to add the remote server as a Channel to your account. You can either pick from our list of supported Channels or add new ones.

2. Select filter method

PCI Proxy supports two different filter methods, /v1/pull and /v1/push, to suit all your needs.

Collecting card data from a Channel via web service can work in two ways. In general, either you perform a pull request to receive card data from the Channel or a Channel starts a push request to send you card data. PCI Proxy can extract sensitive data in both operations.

/v1/pull: You start the request.

/v1/push: The Channel starts the request.

PULL method

POST https://sandbox.pci-proxy.com/v1/pull

The /v1/pull method allows you to send a request via PCI Proxy to a Channel API endpoint to receive a response where the payload is filtered for credit card data and automatically tokenized. Just add the following header params to your request and redirect your request to the /v1/pull endpoint. All other headers and your payload will be kept and routed through PCI Proxy without modification.

Request headers:

X-CC-MERCHANT-ID (string, required): Your unique account id at PCI Proxy (e.g. 1000011011)
X-CC-SIGN (string, required): Your security sign (e.g. 30916165706580013)
X-CC-URL (string, required): API endpoint (https://api.channel.com/)

Response 200: OK

Response will contain tokenized credit card data.

<?xml version="1.0" encoding="UTF-8"?>
<reservations>
  <reservation>
    <customer>
      <cc_cvc>xC80dmLNReahfVnMNeW6DHt_</cc_cvc>
      <cc_expiration_date>07/2018</cc_expiration_date>
      <cc_name>John Doe</cc_name>
      <cc_number>424242SKMPRI4242</cc_number>
      <cc_type>Visa</cc_type>
    </customer>
    <truncated>...for better visibility</truncated>
  </reservation>
</reservations>

In test mode, only test credit cards are allowed.

Process Flow

Process Flow with PCI Proxy

Examples

Once a PULL Channel is added to your merchantId, simply redirect requests to it via the PCI Proxy:

Pull reservations from Booking.com:
curl https://sandbox.pci-proxy.com/v1/pull \
-H 'X-CC-MERCHANT-ID: merchantId' \
-H 'X-CC-SIGN: securitysign' \
-H 'X-CC-URL: https://secure-supply-xml.booking.com/hotels/xml/reservations' \
-d '<?xml version="1.0" encoding="UTF-8"?>
<request>
<username>providermachinelogin</username>
<password>********</password>
</request>'

The response from Booking.com is automatically filtered for credit card data. Located card data is now stored in our vaults in Switzerland while card tokens have been inserted into the payload.
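
One way to confirm that a /v1/pull response was tokenized before you log or store it, as an added example that is not PCI Proxy's own code: it walks the XML and flags any element that still holds a Luhn-valid card number or a numeric CVC. The sample payload is constructed, the function names are hypothetical, and cc_number and cc_cvc are the element names from the example response above; other Channels may name them differently.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a tokenized reservation in the shape shown on this page,
# followed by one where a raw test card number and CVC were not replaced.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<reservations>
  <reservation><customer>
    <cc_cvc>xC80dmLNReahfVnMNeW6DHt_</cc_cvc>
    <cc_number>424242SKMPRI4242</cc_number>
  </customer></reservation>
  <reservation><customer>
    <cc_cvc>123</cc_cvc>
    <cc_number>4242 4242 4242 4242</cc_number>
  </customer></reservation>
</reservations>"""

# 13 to 19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: double every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_untokenized(xml_text):
    """Return (tag, reason) for each element that still looks like raw card data."""
    findings = []
    # Stdlib parser for the demo; assumption: untrusted input goes through a hardened parser.
    for el in ET.fromstring(xml_text.encode("utf-8")).iter():
        text = (el.text or "").strip()
        for m in PAN_RE.finditer(text):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                findings.append((el.tag, "luhn-valid PAN"))
        # cc_cvc is the element name from this page's example response.
        if el.tag == "cc_cvc" and re.fullmatch(r"\d{3,4}", text):
            findings.append((el.tag, "numeric CVC"))
    return findings


if __name__ == "__main__":
    for tag, reason in find_untokenized(SAMPLE):
        print(f"untokenized data in <{tag}>: {reason}")
```

The findings carry only the element name and the reason, never the matched value, so the check itself can be logged without putting card data into your logs.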

PUSH method

POST https://sandbox.pci-proxy.com/v1/push:uniquePushKey

The /v1/push method allows you to receive already tokenized card data on a uniquePushKey endpoint. Your partners can push requests containing credit card data in their payload to this unique PCI Proxy endpoint. Because the request is routed via PCI Proxy, the payload is filtered for credit card data and automatically tokenized. All other headers and payload will be kept and routed through PCI Proxy without modification.

Path parameters:

uniquePushKey (string, optional): Your partner can simply push its request to the uniquePushKey endpoint.

Response 200: OK

In test mode, only test credit cards are allowed.

Process Flow

Process Flow with PCI Proxy

Examples

When you add a PUSH Channel to your account, you receive a {uniquePushKey} for each Channel that is set up. Together with our PCI Proxy PUSH service URL, it results in a unique PCI Proxy Endpoint that is specific to that Channel. Now, redirect requests coming from a Channel with a single step:

  1. Change the endpoint at the Channel from Your API Endpoint to the unique PCI Proxy Endpoint

If needed, whitelist the IP addresses of PCI Proxy at the Channel.

When a Channel sends a request to its unique PCI Proxy Endpoint, PCI Proxy recognizes the Channel and connects it to your account. The request from the Channel will now automatically be filtered for credit card data. Located card data will be instantly stored in our vaults while we insert the tokenized card data in the request and forward it to Your API Endpoint.
