Document Vault

Let your customers upload documents and images in a PCI DSS compliant way.

Additional verification of sensitive information may be needed alongside our other tokenization methods. Our Document Vault gives you the possibility to securely accept images or documents containing PCI sensitive data from your customers.

You can simply request a unique upload link from PCI Proxy which you forward to your customer. They can then upload the required documents to our servers directly. The files can be reviewed in your PCI Proxy Dashboard without having to deal with PCI DSS Compliance.


The Document Vault feature requires activation by our team. It requires MFA to be enabled on your account, too.

Get in touch to get this set up!

Quick start

1. Request an upload link

To get a unique upload link to give to your customers, call our Requests endpoint.

curl --request POST \
  --url '' \
  --header 'content-type: application/json' \
  --header 'pci-proxy-api-key: {{pciProxyApiKey}}' \
  --data '{
	"reference": "1337",
	"successUrl": "",
	"cancelUrl": "",
	"errorUrl": "",
	"webhookEndpoint": "",
	"context": {
		"Test Card": "true",
		"FirstName": "Jon",
		"LastName": "Doe"

The link is returned in the response.

  "link": ""

2. Redirect the customer

Embed the link returned to you into your application and redirect your customer to it. Navigating to this link will open up an upload page hosted by us. For example:

Document Vault Upload page

Document Vault Upload page

Depending on whether the upload is successful, canceled or failed, the customer will be redirected automatically to the URLs specified in the API request.


We support the following file-types: image/png, image/jpeg, image/heic, application/pdf.

3. Review requests

Navigate to the Dashboard and click into the Document Vault menu in the Project section on the left-hand menu bar. Your requests and their statuses will be shown here.

Document Vault Overview

Document Vault Overview

Clicking View on a request brings up a modal which shows the uploaded image or document and any option data sent in the API request. From here, you can Approve or Reject the document and these actions will trigger a call to the webhook.

For more information about statuses and webhooks, see our Request Status and Webhooks page.

Document Vault Modal View

Document Vault Modal View


To keep your sensitive data secure and to be compliant with PCI DSS, we have put in place a retention policy.

Read about the policy in Security and Retention Policy.