Server-Side Tokenization
Tokenize from sFTP
Download a file from an sFTP server through PCI Booking. Card data is extracted, tokenized, and the sanitized file content is returned.
GET
File Transfer Tokenization Guide
Tokenize card data from SFTP file transfers
If the path ends with
/, PCI Booking returns a directory listing instead of downloading a file.Error Responses
Parameter Constraints
- serverAddress: Format is
hostnameorhostname:port. Only one colon is allowed. Default port is 22. - filter: Must be one of:
GBT,SIMPLECSV,SIMPLEJSON,AIR,IUR,TADC,CSV. Case-insensitive. - Authorization header: Must contain valid Basic Auth credentials (
username:password) for the SFTP/FTPS server.
Parameters
Authentication
Recommended. A long-lived token for browser-side calls. How to generate.
Alternative. Valid for 5 minutes. How to generate.
Path Parameters
The sFTP server address. This can be an IP address or domain name. If required, add the port number with a colon. For example:
fsgatewaytest.aexp.com:22 or 10.200.1.10.The folder path where the file should be downloaded from. This can be an individual folder or a full path.
The file name to download, including extension. For example:
PCIBTST.xml.Query String
The file format filter that tells PCI Booking how to parse the file content and locate card data.
The number of seconds PCI Booking should wait for the sFTP server to respond.
A reference value which can be used to query for this card token.
The user ID of the property to associate the token with. Found under “Property settings” in the user’s site.
Controls whether PCI Booking checks if the card already exists as a token in your account.
true: PCI Booking looks up the card in your stored tokens. If a match is found, the existing token URI is returned instead of creating a new one.false(default): A new token is always created, even if the same card was previously stored.
Headers
PCI Booking supports request compression in
gzip and deflate formats. Set this header as needed. Omit if no compression is required.Response
200 - The file content with card details masked. Token URIs are returned in theX-pciBooking-cardUri header.
Remember to set the CVV Retention Policy on the token.

