Vault: Detokenize

Convert tokens back to their plain text values.

🚧

Read Vault: Tokenize before proceeding. The Reverse Vault is the 'Use' counterpart to the Vault.

For the sake of brevity, that information is not repeated here.

Use the reverse Vault API to convert sensitive data from a PCI Proxy token back to the clear text value. The API supports single as well as bulk detokenization for credit card number-, cvv- and custom value aliases.
Please consider the following constraints when using the reverse Vault API:

  • For bulk detokenizations the maximum number of requests per batch is 100
  • For custom values we do not apply any form of validation
  • Please also consider the PCI DSS requirements below

💡

Only PCI DSS compliant merchants are allowed to use the reverse Vault API as it returns sensitive plain text data which extends your PCI DSS scope.

Exemptions can be granted for a limited period of time if there is a valid business reason such as for instance PSP migrations or in case of non-sensitive data.

For any sensitive data to be revealed in client apps, please use the Show API integration.

The Reverse Vault API works in a similar way to the Vault API. Please refer to the API Reference to get a detailed view of all required and optional fields.

curl --request POST \
  --url 'https://api.sandbox.datatrans.com/v1/aliases/detokenize' \
  --header 'Authorization: Basic {{basicAuth}}' \
  --header 'Content-Type: application/json' \
  --data '{
	"requests": [
		{
			"type": "CARD",
			"alias": "7LHXscqwAAEAAAGELW8yPYx7lOreANmg"
		},
		{
			"type": "CVV",
			"alias": "LqFr-TLBQRC6lIkfogaSDbz3"
		},
		{
			"type": "CUSTOM",
			"alias": "DHoVO57dSKKK5EDH-ysnSw=="
		}
	]
}'
{
    "overview": {
        "total": 3,
        "successful": 3,
        "failed": 0
    },
    "responses": [
        {
            "type": "CARD",
            "pan": "4242424242424242",
            "expiryMonth": "12",
            "expiryYear": "25"
        },
        {
            "type": "CVV",
            "cvv": "123"
        },
        {
            "type": "CUSTOM",
            "custom": "John Doe"
        }
    ]
}

The response will indicate the number of successful or failed detokenizations and the plain text values.

📘

CVV aliases expire 30 minutes after the first usage.

They cannot be detokenized after they have expired.