Request Types

In general, either you start a request (PULL) or a remote server starts a request (PUSH). Depening on where to find sensitive data (request/response), PCI Proxy extracts or populates sensitive data on the fly.

Receive from Channel

Receiving card data from a remote server (Channel) can work in two ways. In general, either you perform a /v1/pull/ request to receive card data from the Channel or the Channel starts a /v1/push/ request with card data. PCI Proxy can tokenize and store sensitive data on both operations.

PULL without PCI Proxy
PULL via PCI Proxy
PUSH without PCI Proxy
PUSH via PCI Proxy
  1. You start a request against Channel API endpoint.

  2. Channel returns response with card data to you.

  1. You start a request against PCI Proxy endpoint.

  2. PCI Proxy forward request to Channel API endpoint.

  3. Channel returns response with card data to PCI Proxy.

  4. PCI Proxy scans response and tokenizes card data.

  5. PCI Proxy forward response with tokens to you.

  1. Channel starts a request with card data to your API endpoint (you are in PCI scope).

  1. Channel starts request with card data to PCI Proxy endpoint.

  2. PCI Proxy scans request and tokenizes card data.

  3. PCI Proxy forwards request with tokens to your API endpoint (you are out of PCI scope).

Forward to Receiver

Forwarding card data to a remote server (Receiver) can work in two ways. In general, either you perform a /v1/pull/ request to forward card data to a Receiver or the Receiver starts a /v1/push/ request to ask for card data. PCI Proxy can populate sensitive data on both operations.

PULL without PCI Proxy
PULL via PCI Proxy
PUSH without PCI Proxy
PUSH via PCI Proxy
  1. You start request with card data to Receiver API endpoint.

  1. You start a request with token to PCI Proxy endpoint.

  2. PCI Proxy detokenizes and populates request with card data.

  3. PCI Proxy forwards request with card data to Receiver.

  1. Receiver starts a request to your API endpoint.

  2. You return response with card data to Receiver.

  1. Receiver starts request to PCI Proxy endpoint.

  2. PCI Proxy forwards request to your API endpoint.

  3. You return a response with token to PCI Proxy.

  4. PCI Proxy detokenizes and populates response with card data.

  5. PCI Proxy forwards response with card data to Receiver.