PCI Proxy Dashboard ↗️Status Page
Guides
Start typing to search…

Pull

You send tokenized data to third-parties, who receive plain text data.

You send tokens through PCI Proxy and your Receiver gets plain text data.

You send tokens through PCI Proxy and your Receiver gets plain text data.

When you prepare payloads and requests to third-party receivers, you will use tokens where sensitive card data should be. Then, sending them through the Forward proxy will have them automatically detokenized, so that the third-party will receive plain text data. All other headers and payload objects will be kept the same.

🚧

In sandbox mode, only test credentials are allowed.

Example

The following example demonstrates how to use Forward Pull with a PSP (Payment Service Provider). In this case, Adyen acts as the Receiver of raw card data. The Adyen integration has been added to your PCI Proxy account, so you can securely forward credit card details without exposing raw card data.

curl -X POST https://checkout-test.adyen.com/v71/payments \
-H 'content-type: application/json' \
-H 'x-api-key: YOUR_API_KEY' YOUR_ADYEN_API_KEY' \
-d '{
"amount": { "currency": "USD", "value": 1000 },
"merchantAccount": "YOUR_MERCHANT_ACCOUNT",
"paymentMethod": {
"encryptedCardNumber": "4111111111111111",
"encryptedExpiryMonth": "03",
"encryptedExpiryYear": "2030",
"encryptedSecurityCode": "737",
"type": "scheme"
},
"reference": "Your order number",
"returnUrl": "https://your-company.example.com/..."
}'
curl -X POST https://sandbox.pci-proxy.com/v1/pull \
-H 'content-type: application/json' \
-H 'x-api-key: YOUR_API_KEY' YOUR_ADYEN_API_KEY' \
-H 'x-cc-merchant-id: {Your PCI Proxy Merchant id}' \
-H 'pci-proxy-api-key: {Your PCI Proxy API key}' \
-H 'x-cc-url: https://checkout-test.adyen.com/v71/payments' \
-d '{
"amount": { "currency": "USD", "value": 1000 },
"merchantAccount": "YOUR_MERCHANT_ACCOUNT",
"paymentMethod": {
"encryptedCardNumber": "AABcH0Bq92s3kgAESIAAbGj5NIsAHWC",
"encryptedExpiryMonth": "03",
"encryptedExpiryYear": "2030",
"encryptedSecurityCode": "Glb62cRnQV0jJxI0Iaeq9Wme",
"type": "scheme"
},
"reference": "Your order number",
"returnUrl": "https://your-company.example.com/..."
}'
-curl -X POST https://checkout-test.adyen.com/v71/payments \
+curl -X POST https://sandbox.pci-proxy.com/v1/pull \
-H 'content-type: application/json' \
-H 'x-api-key: YOUR_API_KEY' YOUR_ADYEN_API_KEY' \
+-H 'x-cc-merchant-id: {Your PCI Proxy Merchant id}' \
+-H 'pci-proxy-api-key: {Your PCI Proxy API key}' \
+-H 'x-cc-url: https://checkout-test.adyen.com/v71/payments' \
-d '{
"amount": { "currency": "USD", "value": 1000 },
"merchantAccount": "YOUR_MERCHANT_ACCOUNT",
"paymentMethod": {
- "encryptedCardNumber": "4111111111111111",
+ "encryptedCardNumber": "AABcH0Bq92s3kgAESIAAbGj5NIsAHWC",
"encryptedExpiryMonth": "03",
"encryptedExpiryYear": "2030",
- "encryptedSecurityCode": "737",
+ "encryptedSecurityCode": "Glb62cRnQV0jJxI0Iaeq9Wme",
"type": "scheme"
},
"reference": "Your order number",
"returnUrl": "https://your-company.example.com/..."
}'

Note: Check the Diff tab to see the difference between the two requests.

Explanation of Differences

API Endpoint

  • Direct request to Adyen: https://checkout-test.adyen.com/v71/payments
  • Request to Adyen via PCI Proxy: https://sandbox.pci-proxy.com/v1/pull

The Forward Pull API acts as a proxy. Instead of sending sensitive card data directly to Adyen, you send it to PCI Proxy, which detokenizes it and then forwards the request to Adyen.

Additional Headers for PCI Proxy

  • x-cc-merchant-id: Your PCI Proxy merchant identifier.
  • pci-proxy-api-key: Your PCI Proxy API key for authentication.
  • x-cc-url: The target URL (Adyen endpoint) that PCI Proxy will forward the request to.

These headers instruct PCI Proxy where to forward the request and authenticate your account.

Payment Method Data

  • Direct request to Adyen: You send raw card details (4111111111111111, 737).
  • Request to Adyen via PCI Proxy: You replace the raw card details with PCI Proxy aliases: a PAN alias, e.g. AABcH0Bq92s3kgAESIAAbGj5NIsAHWC, and a CVV alias, e.g. Glb62cRnQV0jJxI0Iaeq9Wme.

PCI Proxy detokenizes card data when it receives the request, then forwards it to the target endpoint.

Other data

  • All request headers required by the target API remain unchanged, PCI Proxy forwards them to the target endpoint.
  • The rest of the payload (amount, merchantAccount, reference, returnUrl etc.) remains identical in the request via PCI Proxy.

If the Adyen's response does not contain any sensitive card information, it is returned to the request initiator without modification.

Updated 10 days ago