Links

Request Types

In general, either you start a request (PULL) or a remote server starts a request (PUSH). Depending on where the sensitive data is found (request/response), PCI Proxy extracts or populates sensitive data on the fly.

Receive from Channel

Receiving card data from a remote server (Channel) can work in two ways. In general, either you perform a /v1/pull/ request to receive card data from the Channel or the Channel starts a /v1/push/ request with card data. PCI Proxy can tokenize and store sensitive data on both operations.
PULL without PCI Proxy
PULL via PCI Proxy
PUSH without PCI Proxy
PUSH via PCI Proxy
  1. 1.
    You start a request against a Channel API endpoint.
  2. 2.
    The Channel returns a response containing sensitive data to you.
  1. 1.
    You start a request to the PCI Proxy endpoint.
  2. 2.
    PCI Proxy forwards the request to the Channel API endpoint.
  3. 3.
    The Channel returns a response containing sensitive data to PCI Proxy.
  4. 4.
    PCI Proxy scans the response and tokenizes the card data.
  5. 5.
    PCI Proxy forwards the response with tokens to you.
  1. 1.
    The Channel starts a request with card data to your API endpoint (you are in PCI scope).
  1. 1.
    The Channel starts a request with card data to a PCI Proxy endpoint.
  2. 2.
    PCI Proxy scans the request and tokenizes the card data.
  3. 3.
    PCI Proxy forwards the request with tokens to your API endpoint (you are out of PCI scope).

Forward to Receiver

Forwarding card data to a remote server (Receiver) can work in two ways. In general, either you perform a /v1/pull/ request to forward card data to a Receiver or the Receiver starts a /v1/push/ request to ask for card data. PCI Proxy can populate sensitive data on both operations.
PULL without PCI Proxy
PULL via PCI Proxy
PUSH without PCI Proxy
PUSH via PCI Proxy
  1. 1.
    You start request with card data to Receiver API endpoint.
  1. 1.
    You start a request with token to a PCI Proxy endpoint.
  2. 2.
    PCI Proxy detokenizes and populates the request with card data.
  3. 3.
    PCI Proxy forwards the request with card data to a Receiver.
  1. 1.
    A Receiver starts a request to your API endpoint.
  2. 2.
    You return a response with card data to the Receiver.
  1. 1.
    The Receiver starts a request to PCI Proxy endpoint.
  2. 2.
    PCI Proxy forwards the request to your API endpoint.
  3. 3.
    You return a response with tokens to PCI Proxy.
  4. 4.
    PCI Proxy detokenizes and populates the response body with card data.
  5. 5.
    PCI Proxy forwards the response with card data to the Receiver.