This Pull method allows you to send a request via PCI Proxy to a partner API endpoint in order to receive a response where the payload is filtered for credit card data and automatically tokenized.


You can send payloads containing PCI Proxy tokens to your parnter APIs and they will be swapped with their raw values before hitting your partner's server.

In either case, add the specified header parameters to your request and redirect your request to the /v1/pull endpoint. All the other headers and your payload will be kept and routed through PCI Proxy without modification.


In this example, you request a data from, where they return sensitive credit card information.

curl --request POST \
  --url \
  --header 'Content-Type: application/xml' \
  --header 'pci-proxy-api-key: ' \
  --header 'x-cc-merchant-id: merchantId' \
  --header 'x-cc-url:' \
  --data '<?xml version="1.0" encoding="UTF-8"?>

The response is returned to you like the below. Notice that the <cc_number> field has been replaced by the PCI Proxy token.

<?xml version="1.0" encoding="UTF-8"?>
    <address>Vista 2, 3º izq</address>
    <cc_name>John Doe</cc_name>
    <company />
    <dc_issue_number />
    <dc_start_date />
    <email>[email protected]</email>
    <remarks>Booker is travelling for business...</remarks>
    <telephone>666 428 664</telephone>
  <!-- remaining response has been truncated for better visability -->