Pull

You send tokenized data to third-parties, who receive plain text data.

You send tokens through PCI Proxy and your Receiver gets plain text data.

You send tokens through PCI Proxy and your Receiver gets plain text data.

When you prepare payloads and requests to third-party receivers, you will use tokens where sensitive card data should be. Then, sending them through the Forward proxy will have them automatically detokenized, so that the third-party will receive plain text data. All other headers and payload objects will be kept the same.

🚧

In sandbox mode, only test credentials are allowed.

Example

The Stripe Tokens Pull (Receiver) integration has been added to your account and you can then forward them credit card details.

curl --request POST \
  --url 'https://sandbox.pci-proxy.com/v1/pull' \
  --header 'pci-proxy-api-key: {{pciProxyApiKey}}' \
  --header 'x-cc-merchant-id: {{merchantId}}' \
  --header 'x-cc-url: https://api.stripe.com/v1/tokens' \
  --data 'card[number]=AAABcHxr-sDssdexyrAAAfyXWIgaAF40&card[exp_month]=12&card[exp_year]=2018'

In the payload, instead of the actual card[number], you would put your PCI Proxy token. It will be detokenized before it reached https://api.stripe.com/v1/tokens.

{
  "id": "tok_1CHoPL2eZvKYlo2Ck6KE483n",
  "object": "token",
  "card": {
    "id": "card_1CHoPL2eZvKYlo2CrbEHZ0G1",
    "object": "card",
    "address_city": null,
    "address_country": null,
    "address_line1": null,
    "address_line1_check": null,
    "address_line2": null,
    "address_state": null,
    "address_zip": null,
    "address_zip_check": null,
    "brand": "Visa",
    "country": "US",
    "cvc_check": null,
    "dynamic_last4": null,
    "exp_month": 12,
    "exp_year": 2018,
    "fingerprint": "Xt5EWLLDS7FJjR1c",
    "funding": "credit",
    "last4": "4242",
    "metadata": {},
    "name": null,
    "tokenization_method": null
  },
  "client_ip": "91.223.186.160",
  "created": 1523950759,
  "livemode": false,
  "type": "card",
  "used": false
}

The response does not contain any sensitive card information so it is returned to you without modification.