Content Filters
A content filter is an XML structure which provides instructions to the PCI Booking system on how to parse a message. The content filter is set as part of Setting up a Target Profile and is used on messages sent through the Tokenization in Response and Token Replacement in Request processes.
The content filter can be set up to process both credit card data and 3D Secure authentication data.
General
PCI Booking supports content filters for the following scenarios:
- When the content to be parsed is in the URL of the request.
- When the content to be parsed is in the body of the request as an XML message.
- When the content to be parsed is in the body of the request as a JSON message.
- When the content to be parsed is in the body of the request as a URL encoded form data.
The XML structure is the same in all cases and only the content settings change. Below are examples of content filters for tokenization and token replacement.
The selector property of each element in the XML represents the path that the PCI Booking system needs to go through in order to locate the value for this parameter.
Some of the card elements may contain formatting instructions:
- The
expYearandexpMonthcan include aformatproperty to set the format of the date:- For the expiration year, you can set the format to be either
YYorYYYY. - For the expiration month, you can set the format to be either
MorMM.
- For the expiration year, you can set the format to be either
- The
expYearandexpMonthcan also include asubstringproperty in order to allow concatenation or separation of these values into one combined value.- The first number is the start location and the second number is the length of characters to store
- For example, if the card expiration date is listed in a field called
expDateand the format of this date is "DD-MM-YYYY" (01-02-2019), then the applicable selectors for these two fields would be:
<expYear selector="expDate" format="YYYY" substring="6,4"></expYear>
<expMonth selector="expDate" format="MM" substring="3,2"></expMonth>
- The
nameOnCardcan be set with a limit of the number of characters stored within the token. This is set in the format ofsubstring="0,32"- the first number is the start location and the second number is the length of characters to store.- Currently PCI Booking supports storing up to 32 characters in the card owner name field.
- The
typecan be set with a list of mapping from card types stored in PCI Booking to the types that the third party uses.
When designing a content filter that can also process 3DS authentication data, please make sure to specify the relevant fields in the <threeDs> XML block.
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<content selector="/reservation/payments/payment[@type='cc']/bankCard">
<number selector="num" />
<expYear selector="expiration" substring="0,4" />
<expMonth selector="expiration" substring="5" />
<nameOnCard selector="cardHolderName" />
<securityCode selector="@cvv" />
<issueNumber selector="issue_number" />
<type selector="Type" />
<threeDs>
<auth selector="AuthenticationValue" />
<eci selector="eci" />
<xid selector="xid" />
<version selector="Version" />
<acs selector="ACSTransId"/>
</threeDs>
</content>
</transform>
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<replace selector="/*/*/*/*/*/*">
<number selector="*[local-name()='Number']" />
<expYear selector="*[local-name()='ExpirationDate']/*[local-name()='Year']" format="YY" />
<expMonth selector="*[local-name()='ExpirationDate']/*[local-name()='Month']" format="MM" />
<nameOnCard selector="*[local-name()='NameOnCard']" />
<securityCode selector="*[local-name()='CVV']" />
<issueNumber selector="*[local-name()='IssueNumber']" />
<type selector="*[local-name()='Type']">
<Visa>Visa</Visa>
<AMEX>AMEX</AMEX>
<MasterCard>MasterCard</MasterCard>
<Dankort>Dankort</Dankort>
<DinersClub>DinersClub</DinersClub>
</type>
<threeDs>
<auth selector="*[local-name()='AuthenticationValue']" />
<eci selector="*[local-name()='eci']" />
<xid selector="*[local-name()='xid']" />
<version selector="*[local-name()='Version']" />
<acs selector="*[local-name()='ACSTransId']"/>
</threeDs>
</replace>
</transform>
Content in the URL
This scenario is usually only for the token replacement method (i.e. when pushing the card details to a third party). In this scenario, you would have to use the following formats:
- The
typeproperty of thetransformelement would bequerystring. - The
replaceelement will not have aselectorproperty (the location of the fields is known) - The
selectorproperty of each of the card elements would simply be the name of the querystring key that the value should be set with.
Below is an example of a profile for replacing the card details into this URL query string:
http://httpbin.org/post?card_number=&card_exp_year=&card_exp_month=&card_owner=&card_cvv=&card_type=&authentication_value=&eci=&id=&version=
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles"
type="querystring">
<replace>
<number selector="card_number"></number>
<expYear selector="card_exp_year" format="YY"></expYear>
<expMonth selector="card_exp_month" format="MM"></expMonth>
<nameOnCard selector="card_owner"></nameOnCard>
<securityCode selector="card_cvv"></securityCode>
<type selector="card_type">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
</replace>
</transform>
Content in the body as XML
This scenario can be used both for tokenization of the response and token replacement into the request. In this scenario, you would have to use the following formats:
- The
typeproperty of thetransformelement would bebody. - The
replace(for token replacement) or thecontent(for tokenization) element will have aselectorproperty to indicate the xpath settings for the parent element of the card details. (for simplicity, we recommend using the*wildcard in order to indicate a level down.- For example, if the card details are all stored within the element
BankCardand this element is the second level in the XML, the selector would be/*/*[local-name()='BankCard']
- For example, if the card details are all stored within the element
- The
selectorproperty of each of the card elements would be the xpath settings for this element from the parent selector.
XML name space
in order to overcome namespace conventions, we recommend using the
[local-name()='elementName'command. This will ignore the namespace and will look only for the element's name itself.
Below is an example of an XML message body and the corresponding content filter for this message:
<message>
<otherElements>
<childElement1></childElement1>
<childElement2></childElement2>
</otherElements>
<BankCard>
<card_number></card_number>
<card_exp_year></card_exp_year>
<card_exp_month></card_exp_month>
<card_owner></card_owner>
<card_cvv></card_cvv>
<card_type></card_type>
</BankCard>
<threeDS>
<AuthenticationValue></AuthenticationValue>
<ECI></ECI>
<ID></ID>
<Version></Version>
<ACSTransId></ACSTransId>
</threeDS>
</message>
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<replace selector="/*/*[local-name()='BankCard']">
<number selector="*[local-name()='card_number']"></number>
<expYear selector="*[local-name()='card_exp_year']" format="YYYY"></expYear>
<expMonth selector="*[local-name()='card_exp_month']" format="MM"></expMonth>
<nameOnCard selector="*[local-name()='card_owner']"></nameOnCard>
<securityCode selector="*[local-name()='card_cvv']"></securityCode>
<type selector="*[local-name()='card_type']">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="*[local-name()='AuthenticationValue']" />
<eci selector="*[local-name()='ECI']" />
<xid selector="*[local-name()='ID']" />
<version selector="*[local-name()='Version']" />
<acs selector="*[local-name()='ACSTransId']" />
</threeDs>
</replace>
</transform>
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<content selector="/*/*[local-name()='BankCard']">
<number selector="*[local-name()='card_number']"></number>
<expYear selector="*[local-name()='card_exp_year']" format="YYYY"></expYear>
<expMonth selector="*[local-name()='card_exp_month']" format="MM"></expMonth>
<nameOnCard selector="*[local-name()='card_owner']"></nameOnCard>
<securityCode selector="*[local-name()='card_cvv']"></securityCode>
<type selector="*[local-name()='card_type']">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="*[local-name()='AuthenticationValue']" />
<eci selector="*[local-name()='ECI']" />
<xid selector="*[local-name()='ID']" />
<version selector="*[local-name()='Version']" />
<acs selector="*[local-name()='ACSTransId']" />
</threeDs>
</content>
</transform>
Content in the body as JSON
This scenario can be used both for tokenization of the response and token replacement into the request. In this scenario, you would have to use the following formats:
- The
typeproperty of thetransformelement would bebody. - The
replace(for token replacement) or thecontent(for tokenization) element will have aselectorproperty to indicate the jpath settings for the parent element of the card details. (for simplicity, we recommend using the.wildcard in order to indicate a level down.- For example, if the card details are all stored within the element
BankCardand this element is the second level in the JSON, the selector would be$..BankCard
- For example, if the card details are all stored within the element
- The
selectorproperty of each of the card elements would be the jpath settings for this element from the parent selector.
Below is an example of an JSON message body and the corresponding content filter for this message:
{
"message": {
"otherElements": {
"ChildElement1": "some value",
"childElement2": "some value"
},
"BankCard": {
"card_number": "",
"card_exp_year": "",
"card_exp_month": "",
"card_owner": "",
"card_cvv": "",
"card_type": "",
"threeDS": {
"AuthenticationValue": "",
"ECI": "",
"ID": "",
"Version": "",
"ACSTransId": ""
}
}
}
}
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<replace selector="$..BankCard">
<number selector="card_number"></number>
<expYear selector="card_exp_year" format="YYYY"></expYear>
<expMonth selector="card_exp_month" format="MM"></expMonth>
<nameOnCard selector="card_owner"></nameOnCard>
<securityCode selector="card_cvv"></securityCode>
<type selector="card_type">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="AuthenticationValue" />
<eci selector="ECI" />
<xid selector="ID" />
<version selector="Version" />
<acs selector="ACSTransId" />
</threeDs>
</replace>
</transform>
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<content selector="$..BankCard">
<number selector="card_number"></number>
<expYear selector="card_exp_year" format="YYYY"></expYear>
<expMonth selector="card_exp_month" format="MM"></expMonth>
<nameOnCard selector="card_owner"></nameOnCard>
<securityCode selector="card_cvv"></securityCode>
<type selector="card_type">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="AuthenticationValue" />
<eci selector="ECI" />
<xid selector="ID" />
<version selector="Version" />
<acs selector="ACSTransId" />
</threeDs>
</content>
</transform>
Content in the body as form data
This scenario can be used both for tokenization of the response and token replacement into the request. In this scenario, you would have to use the following formats:
- The
typeproperty of thetransformelement would bebody. - The
replace(for token replacement) or thecontent(for tokenization) element will not have aselectorproperty (the location of the fields is known) - The
selectorproperty of each of the card elements would simply be the name of the form data key that the value should be set with.
Below is an example of a profile for processing the card details in this form data key/value pairs:
guestName=Sam&card_type=&card_number=&expDate=xx-xx&card_cvv=&card_owner=&authentication_value=&eci=&id=&version=&amount=1200
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<replace>
<number selector="card_number"></number>
<expYear selector="expDate" format="YY" substring="3,2"></expYear>
<expMonth selector="expDate" format="MM" substring="0,2"></expMonth>
<nameOnCard selector="card_owner"></nameOnCard>
<securityCode selector="card_cvv"></securityCode>
<type selector="card_type">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="AuthenticationValue" />
<eci selector="ECI" />
<xid selector="ID" />
<version selector="Version" />
<acs selector="ACSTransId" />
</threeDs>
</replace>
</transform>
<?xml version="1.0" encoding="utf-8" ?>
<transform xmlns="http://www.pcibooking.net/pciShieldProfiles" type="body">
<content>
<number selector="card_number"></number>
<expYear selector="expDate" format="YY" substring="3,2"></expYear>
<expMonth selector="expDate" format="MM" substring="0,2"></expMonth>
<nameOnCard selector="card_owner"></nameOnCard>
<securityCode selector="card_cvv"></securityCode>
<type selector="card_type">
<Visa>VA</Visa>
<AMEX>AE</AMEX>
<MasterCard>MC</MasterCard>
<Dankort>DK</Dankort>
<DinersClub>DC</DinersClub>
</type>
<threeDs>
<auth selector="AuthenticationValue" />
<eci selector="ECI" />
<xid selector="ID" />
<version selector="Version" />
<acs selector="ACSTransId" />
</threeDs>
</content>
</transform>
Updated 7 months ago