Pull: HTTPS to SFTP integrations

Forward sensitive data to SFTP locations.

In addition to HTTP to HTTP integrations such as Pull and Push, you can also forward tokens to SFTP locations through us. Once again, they will be detokenized before hitting the SFTP Receiver.

We currently support the following file types:

  • BTA
  • TACS


In sandbox mode, only test credentials are allowed.

1. Add a SFTP Recevier to your merchant account

These are usually prefixed with 'SFTP' so you will be able to find them easily in the Integration list. See Adding Integrations for more information. Once installed and activated you can start setting up your redirects.

2. Redirect a SFTP Receiver through PCI Proxy

You can redirect requests in two ways.

Simple POST request

  1. Insert tokens into the payload of your request
  2. Use the PCI Proxy Endpoint and relevant parameters
curl --request POST \
  --url 'https://sandbox.pci-proxy.com/v1/ft?merchantId={{merchantId}}&sign={{sign}}&url=sftp://[email protected]/folder/test-filename.txt&password={{password}}&type=BTA' \
  --header 'Content-Type: text/plain; charset=UTF-8' \
  --data '0000080915K...'

The service responds based on the Accept header: application/json (default), application/xml and text/plain are accepted.

A x-www-form-url encoded request

In the same way as above, prepare your file which contains tokens and send this to the FT endpoint with data as a form.

curl --request POST \
  --url 'https://sandbox.pci-proxy.com/v1/ft' \
  --header 'Accept: text/plain' \
  --header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
  --data merchantId={{merchantId}} \
  --data sign={{sign}} \
  --data url=sftp://[email protected]/folder/test.txt \
  --data file=some_file_content \
  --data password=XYZ \
  --data type=BTA

Your request will be populated with sensitive card data on the way out of PCI Proxy and your Receiver receives plain text data.