Document Vault

The Document Vault allows your customers to upload sensitive images and documents in a PCI DSS and data security compliant environment. Therefore, you generate a unique upload link that can be presented to the user in your application. It redirects the user to an upload page which is hosted on our servers. Subsequently, the uploaded files can be reviewed in the Dashboard by applying our approval logic without the need to take care of PCI DSS compliance.
To get started, please follow the step-by-step guide below.


To start, call our Request API from your server to create an upload link.
Request call

Request & Response example

curl --location --request POST '' \
--header 'pci-proxy-api-key: {{API Key}}' \
--header 'content-type: application/json' \
--data-raw '{
"context": {
"Test Card":"true",
"FirstName": "Jon",
"LastName": "Doe"
"link": ""

2. Redirect the cardholder

As a next step, embed the upload link received from the response into your application and redirect the user to it. The link will open an upload page hosted by us. In case of a successful, cancelled, or failed upload the user will be redirected automatically to the URLs specified in the API request above.
Supported file-types: image/png, image/jpeg, image/heic, application/pdf

3. Access and review requests

Login to our Dashboard and navigate to the "Document Vault" menu within the Project section on the left-hand side menu bar. You can see all the requested links and the current status of the request.
The Document Vault needs to be activated for you and requires special user rights with mandatory 2FA enabled. Please contact us to assign such a user role.
Document Vault overview menu
To review an uploaded document please press the View button on the right side. An overlay with the uploaded document and the optional data sent in the API request will be opened. To approve or reject a document use the buttons on the bottom. Each action will trigger a call to the webhook.
Document Vault detail view
To keep your sensitive data secure and to be compliant with PCI DSS we have a retention policy for viewed documents in place. Learn more about the retention policy here.