> ## Documentation Index
> Fetch the complete documentation index at: https://developers.pcibooking.net/llms.txt
> Use this file to discover all available pages before exploring further.

# File Transfer Tokenization

> Tokenize card numbers in file transfers. PCI Booking acts as a secure SFTP/FTPS proxy, replacing card data with tokens.

PCI Booking acts as a secure file transfer proxy between you and a third party's file server. You make an [API call](/api-reference/tokenize-cards/tokenize-from-sftp) specifying the remote server, and PCI Booking connects, downloads the file, tokenizes all card numbers, and returns the tokenized content to you. Card data never touches your systems.

## Supported Protocols

| Protocol | Default Port | Description                 |
| -------- | ------------ | --------------------------- |
| **SFTP** | 22           | SSH File Transfer Protocol. |
| **FTPS** | 990          | FTP over TLS.               |

## How It Works

PCI Booking acts as a proxy between your system and the third party's file server. Your system never connects directly to the remote server, so card data never passes through your infrastructure.

1. You call [`GET /api/sftp/{host}/{path}`](/api-reference/tokenize-cards/tokenize-from-sftp) or `GET /api/ftps/{host}/{path}`, passing the third party's server credentials in the Authorization header along with a `fileFormat` parameter that tells PCI Booking which parser to apply.
2. PCI Booking establishes a secure connection to the third party's file server using the provided credentials and downloads the specified file.
3. PCI Booking applies the selected file format parser to locate all card numbers within the file content, tokenizes each card number, and stores the real card data in its PCI DSS Level 1 certified vault.
4. PCI Booking returns the modified file content to your system with all card numbers replaced by tokens. The file structure and all non-card data remain unchanged.

Your existing file processing logic continues to work without modification. The only difference is that card number fields now contain PCI Booking tokens instead of real card numbers.

To send tokenized data back to a third party via file transfer (the reverse direction), see [File Transfer Token Replacement](/use-tokens/file-transfer-token-replacement).

## Setup Requirements

Before using file transfer tokenization, you need:

* **A PCI Booking account** with API access. See [Create an Account](/getting-started/create-account) and [Authentication](/getting-started/authentication) for setup.
* **Third-party server credentials.** The SFTP or FTPS hostname, port, username, and password (or SSH key) for the remote file server. These are passed in the API call, not stored in PCI Booking.
* **File format identification.** Determine which file format parser matches your file structure (see the table below). If unsure, send a sample file to support.
* **Network access.** PCI Booking's servers must be able to reach the third party's file server. If the remote server has IP restrictions, contact support for the list of PCI Booking egress IPs to allowlist.

## Supported File Formats

PCI Booking supports several file format parsers to locate card data within different file structures:

| Format     | Description                                          |
| ---------- | ---------------------------------------------------- |
| GBT        | GBT travel industry format.                          |
| SIMPLECSV  | CSV files with card numbers in identifiable columns. |
| SIMPLEJSON | JSON files with card numbers in identifiable fields. |
| AIR        | Airline industry format.                             |
| IUR        | IUR format.                                          |
| TADC       | TADC XML travel industry card data format.           |
| CSV        | Generic CSV format.                                  |

<Info>
  Not sure if your file structure matches one of these formats? Contact [support@pcibooking.net](mailto:support@pcibooking.net) with a sample of the file. If your format is not yet supported, our team can enhance the system to handle it.
</Info>

## Use Cases

* Receiving card data from booking systems, GDS providers, or travel partners via file transfer.
* TADC-based integrations with travel industry systems.

## Next Steps

<CardGroup cols={2}>
  <Card title="File Transfer Token Replacement" icon="book" href="/use-tokens/file-transfer-token-replacement">
    Send tokenized card data to a third party via SFTP/FTPS (the reverse direction).
  </Card>

  <Card title="Capture Cards Overview" icon="book" href="/capture-cards/overview">
    All available tokenization methods.
  </Card>

  <Card title="Target Profiles" icon="crosshairs" href="/account-setup/target-profiles">
    Configure target profiles for file transfer connections.
  </Card>
</CardGroup>

## Related

* [Tokenize from SFTP API](/api-reference/tokenize-cards/tokenize-from-sftp) - API reference for SFTP tokenization
* [Token Replacement via SFTP](/api-reference/process-cards/token-replacement-sftp) - Send card data to a third party's SFTP server
