1. Add Receiver

Before you can forward stored card data to a remote server you have to add the remote server as a Receiver to your account. You can either pick from our list of supported Receivers or add new ones:

Click to Add Receivers

2. Select forward method

PCI Proxy supports two forwarding methods /v1/pull/ and /v1/push/ to suit all your needs.

Forwarding card data to a remote server via HTTPS can work in two ways. In general, either you perform a pull request to forward card data to the Receiver or a Receiver starts a push request to receive card data from you in the response. PCI Proxy can populate both operations with sensitive data.

/v1/pull/

/v1/push/

You start the request.

The Receiver starts the request.

post
PULL method

https://sandbox.pci-proxy.com
/v1/pull
/v1/pull method allows you to send a request via PCI Proxy to a Receiver API endpoint. When the request arrives at PCI Proxy, your payload is instantly filtered for tokens, all tokens will be detokenized and your payload is populated with sensitive card data before it arrives at the Receiver. Just add the following header params to your request and redirect your request to the /v1/pull endpoint. All other headers and your payload will be kept and routed through PCI Proxy without modification.
Request
Response
Headers
X-CC-MERCHANT-ID
required
string
Your unique account id at PCI Proxy (e.g. 1000011011)
X-CC-SIGN
required
string
Your security sign (e.g. 30916165706580013)
X-CC-URL
required
string
API endpoint (https://api.channel.com/)
200: OK
Response depends on Receiver API.
<!-- remote server response - see example below -->

In test mode, only test credit cards are allowed.

Process Flow

Process Flow with PCI Proxy

Examples

Once a PULL Receiver is added to your merchantId, simply redirect requests to it via the PCI Proxy:

Forward to Stripe
Response
curl https://sandbox.pci-proxy.com/v1/pull \
-H 'X-CC-MERCHANT-ID: 1000011011' \
-H 'X-CC-SIGN: 30916165706580013' \
-H 'X-CC-URL: https://api.stripe.com/v1/tokens' \
-u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
-d 'card[number]=424242SKMPRI4242' \
-d 'card[exp_month]=12' \
-d 'card[exp_year]=2018'

Your request is automatically filtered for tokens. Located tokens are detokenized and your payload is populated with full card data before it arrives at the Receiver endpoint. Thereby, the Receiver API endpoint obtains full credit card data.

post
PUSH method

https://sandbox.pci-proxy.com
/v1/push:uniquePushKey
/v1/push method allows you to receive a request via PCI Proxy on a uniquePushKey endpoint. Your partners can push requests to this unique PCI Proxy endpoint to ask for credit card data in the response. Hence, it is routed via PCI Proxy, your response payload is instantly filtered for tokens, all tokens will be detokenized and your response payload is populated with sensitive card data before it arrives at the Receiver. All other headers and payload will be kept and routed through PCI Proxy without modification.
Request
Response
Path Parameters
uniquePushKey
optional
string
Your partner can simply push its request to the uniquePushKey endpoint.
200: OK
Response depends on your API.
<!-- your response - tokens will be detokenized and card data forwarded -->

In test mode, only test credit cards are allowed.

Process Flow

Process Flow with PCI Proxy

Examples

When you add a PUSH Receiver to your account, you receive a {uniquePushKey} for each Receiver that is set up. Together with our PCI Proxy PUSH service URL, it results in a unique PCI Proxy Endpoint that is specific to that Receiver. Now, redirect requests coming from a Receiver with a single step:

  1. Change endpoint at Receiver from Your API Endpoint to unique PCI Proxy Endpoint

If needed, whitelist IP addresses of PCI Proxy at Receiver.

As the request is routed via PCI Proxy, the response payload is automatically filtered for tokens. Located tokens are detokenized and your response payload is populated with full card data before it arrives at the Receiver endpoint. Thereby, the Receiver API endpoint obtains full credit card data.