Skip to main content
PCI Booking acts as a secure file transfer proxy between you and a third party’s file server. You make an API call specifying the remote server, and PCI Booking connects, downloads the file, tokenizes all card numbers, and returns the tokenized content to you. Card data never touches your systems.

Supported Protocols

How It Works

PCI Booking acts as a proxy between your system and the third party’s file server. Your system never connects directly to the remote server, so card data never passes through your infrastructure.
  1. You call GET /api/sftp/{host}/{path} or GET /api/ftps/{host}/{path}, passing the third party’s server credentials in the Authorization header along with a fileFormat parameter that tells PCI Booking which parser to apply.
  2. PCI Booking establishes a secure connection to the third party’s file server using the provided credentials and downloads the specified file.
  3. PCI Booking applies the selected file format parser to locate all card numbers within the file content, tokenizes each card number, and stores the real card data in its PCI DSS Level 1 certified vault.
  4. PCI Booking returns the modified file content to your system with all card numbers replaced by tokens. The file structure and all non-card data remain unchanged.
Your existing file processing logic continues to work without modification. The only difference is that card number fields now contain PCI Booking tokens instead of real card numbers. To send tokenized data back to a third party via file transfer (the reverse direction), see File Transfer Token Replacement.

Setup Requirements

Before using file transfer tokenization, you need:
  • A PCI Booking account with API access. See Create an Account and Authentication for setup.
  • Third-party server credentials. The SFTP or FTPS hostname, port, username, and password (or SSH key) for the remote file server. These are passed in the API call, not stored in PCI Booking.
  • File format identification. Determine which file format parser matches your file structure (see the table below). If unsure, send a sample file to support.
  • Network access. PCI Booking’s servers must be able to reach the third party’s file server. If the remote server has IP restrictions, contact support for the list of PCI Booking egress IPs to allowlist.

Supported File Formats

PCI Booking supports several file format parsers to locate card data within different file structures:
Not sure if your file structure matches one of these formats? Contact support@pcibooking.net with a sample of the file. If your format is not yet supported, our team can enhance the system to handle it.

Use Cases

  • Receiving card data from booking systems, GDS providers, or travel partners via file transfer.
  • TADC-based integrations with travel industry systems.

Next Steps

File Transfer Token Replacement

Send tokenized card data to a third party via SFTP/FTPS (the reverse direction).

Capture Cards Overview

All available tokenization methods.

Target Profiles

Configure target profiles for file transfer connections.