Pull

The merchant initiates a call to a Channel through PCI Proxy.

For Pull requests to channels, you are requesting potentially sensitive information from third-party partners. The channel sends its response through us and you will receive a tokenized version of it.

🚧
In sandbox mode, only test credentials are allowed.

Example

When you request booking details from a provider like Booking.com, the response often includes sensitive payment information such as the card number and CVV.

To protect your systems and maintain PCI compliance, PCI Proxy acts as a secure intermediary. It intercepts the response, filters out PCI-sensitive data, and replaces it with tokens before forwarding the sanitized response to your server. This ensures that your infrastructure never handles raw card data, reducing risk and simplifying compliance.

Assume that the Booking.com Pull (Channel) integration is already configured in your account, allowing you to retrieve booking details directly from Booking.com. Below, you’ll find examples of:

A request without PCI Proxy
A request with PCI Proxy acting as an intermediary
The key differences between the two approaches

curl --request POST \
--url 'https://secure-supply-xml.booking.com/hotels/xml/reservations' \
--header 'pci-proxy-api-key: {{pciProxyApiKey}}' \
--header 'x-cc-merchant-id: {{merchantId}}' \
--header 'x-cc-url: https://secure-supply-xml.booking.com/hotels/xml/reservations' \
--data '<?xml version="1.0" encoding="UTF-8"?>
          <request>
            <username>providermachinelogin</username>
            <password>********</password>
          </request>'

curl --request POST \
--url 'https://sandbox.pci-proxy.com/v1/pull' \
--header 'pci-proxy-api-key: {{pciProxyApiKey}}' \
--header 'x-cc-merchant-id: {{merchantId}}' \
--header 'x-cc-url: https://secure-supply-xml.booking.com/hotels/xml/reservations' \
--data '<?xml version="1.0" encoding="UTF-8"?>
          <request>
            <username>providermachinelogin</username>
            <password>********</password>
          </request>'

  curl --request POST \
- --url 'https://secure-supply-xml.booking.com/hotels/xml/reservations' \
+ --url 'https://sandbox.pci-proxy.com/v1/pull' \
  --header 'pci-proxy-api-key: {{pciProxyApiKey}}' \
  --header 'x-cc-merchant-id: {{merchantId}}' \
  --header 'x-cc-url: https://secure-supply-xml.booking.com/hotels/xml/reservations' \
  --data '<?xml version="1.0" encoding="UTF-8"?>
          <request>
            <username>providermachinelogin</username>
            <password>********</password>
          </request>'

<?xml version="1.0" encoding="UTF-8"?>
<reservations>
  <reservation>
    <booked_at>2016-06-01T11:57:22+00:00</booked_at>
    <commissionamount>21.09</commissionamount>
    <currencycode>EUR</currencycode>
    <customer>
      <address>Vista 2, 3º izq</address>
      <cc_cvc>123</cc_cvc>
      <cc_expiration_date>07/2018</cc_expiration_date>
      <cc_name>John Doe</cc_name>
      <cc_number>4242424242424242</cc_number>
      <cc_type>Visa</cc_type>
      <city>Madrid</city>
      <company />
      <countrycode>es</countrycode>
      <dc_issue_number />
      <dc_start_date />
      <email>[email protected]</email>
      <first_name>Juan</first_name>
      <last_name>Valdez</last_name>
      <remarks>Booker is travelling for business...</remarks>
      <telephone>666 428 664</telephone>
      <zip>28004</zip>
    </customer>
    <!-- remaining response has been truncated for better visibility -->
  </reservation>
</reservations>

<?xml version="1.0" encoding="UTF-8"?>
<reservations>
  <reservation>
    <booked_at>2016-06-01T11:57:22+00:00</booked_at>
    <commissionamount>21.09</commissionamount>
    <currencycode>EUR</currencycode>
    <customer>
      <address>Vista 2, 3º izq</address>
      <cc_cvc>xC80dmLNReahfVnMNeW6DHt_</cc_cvc>
      <cc_expiration_date>07/2018</cc_expiration_date>
      <cc_name>John Doe</cc_name>
      <cc_number>AAABcHxr-sDssdexyrAAAfyXWIgaAF40</cc_number>
      <cc_type>Visa</cc_type>
      <city>Madrid</city>
      <company />
      <countrycode>es</countrycode>
      <dc_issue_number />
      <dc_start_date />
      <email>[email protected]</email>
      <first_name>Juan</first_name>
      <last_name>Valdez</last_name>
      <remarks>Booker is travelling for business...</remarks>
      <telephone>666 428 664</telephone>
      <zip>28004</zip>
    </customer>
    <!-- remaining response has been truncated for better visibility -->
  </reservation>
</reservations>

<?xml version="1.0" encoding="UTF-8"?>
<reservations>
  <reservation>
    <booked_at>2016-06-01T11:57:22+00:00</booked_at>
    <commissionamount>21.09</commissionamount>
    <currencycode>EUR</currencycode>
    <customer>
      <address>Vista 2, 3º izq</address>
-     <cc_cvc>123</cc_cvc>
+     <cc_cvc>xC80dmLNReahfVnMNeW6DHt_</cc_cvc>
      <cc_expiration_date>07/2018</cc_expiration_date>
      <cc_name>John Doe</cc_name>
-     <cc_number>4242424242424242</cc_number>
+     <cc_number>AAABcHxr-sDssdexyrAAAfyXWIgaAF40</cc_number>
      <cc_type>Visa</cc_type>
      <city>Madrid</city>
      <company />
      <countrycode>es</countrycode>
      <dc_issue_number />
      <dc_start_date />
      <email>[email protected]</email>
      <first_name>Juan</first_name>
      <last_name>Valdez</last_name>
      <remarks>Booker is travelling for business...</remarks>
      <telephone>666 428 664</telephone>
      <zip>28004</zip>
    </customer>
    <!-- remaining response has been truncated for better visibility -->
  </reservation>
</reservations>

The cc_number and cc_cvc fields have been substituted with their corresponding tokens but rest of the response is the same. The raw text fields are stored in our vaults.