Skip to main content
GET

File Transfer Tokenization Guide

Tokenize card data from SFTP file transfers
Also available over FTPS:
PCI Booking connects to the sFTP server, downloads the file, tokenizes any card data found in it (based on the specified filter), and returns the sanitized file content with the following custom headers:
If the path ends with /, PCI Booking returns a directory listing instead of downloading a file.

Error Responses

Parameter Constraints

  • serverAddress: Format is hostname or hostname:port. Only one colon is allowed. Default port is 22.
  • filter: Must be one of: GBT, SIMPLECSV, SIMPLEJSON, AIR, IUR, TADC, CSV. Case-insensitive.
  • Authorization header: Must contain valid Basic Auth credentials (username:password) for the SFTP/FTPS server.

Parameters

Authentication

This is a browser-facing endpoint. Use one of the authentication methods below instead of the API key shown above.
accessToken
string
Recommended. A long-lived token for browser-side calls. How to generate.
sessionToken
string
Alternative. Valid for 5 minutes. How to generate.
If both are provided, the session token takes precedence.

Path Parameters

serverAddress
string
required
The sFTP server address. This can be an IP address or domain name. If required, add the port number with a colon. For example: fsgatewaytest.aexp.com:22 or 10.200.1.10.
folderPath
string
required
The folder path where the file should be downloaded from. This can be an individual folder or a full path.
fileName
string
required
The file name to download, including extension. For example: PCIBTST.xml.

Query String

filter
string
required
The file format filter that tells PCI Booking how to parse the file content and locate card data.
timeout
string
The number of seconds PCI Booking should wait for the sFTP server to respond.
ref
string
A reference value which can be used to query for this card token.
merchantId
string
The user ID of the property to associate the token with. Found under “Property settings” in the user’s site.
eliminateCardDuplication
boolean
default:"false"
Controls whether PCI Booking checks if the card already exists as a token in your account.
  • true: PCI Booking looks up the card in your stored tokens. If a match is found, the existing token URI is returned instead of creating a new one.
  • false (default): A new token is always created, even if the same card was previously stored.

Headers

Content-Encoding
string
PCI Booking supports request compression in gzip and deflate formats. Set this header as needed. Omit if no compression is required.

Response

200 - The file content with card details masked. Token URIs are returned in the X-pciBooking-cardUri header.
Remember to set the CVV Retention Policy on the token.