PCI Booking provides a simple RESTful API to perform all actions regarding a credit card.

PCI Booking is made up of several application areas. This developers site contains a guide and a reference manual for each application area.

  • The guides give software architects and designers a broad view of how the system operates, so they can easily pick the components that best fit their application scenarios.
  • The reference manuals allow developers to have a clear understanding of which methods are available, what input parameters are required for each method and the expected results of each.

Process Request Headers Added By The Gateway

When a request is sent from a third party through the PCI Booking gateway to you, PCI Booking adds headers to the request as it is processed. Some of these headers are designed for internal diagnostics in PCI Booking, some are designed to provide you with additional information, and some are added as part of the processing of the request by PCI Booking's internal components.

This guide will help identify and explain each of the headers and what they should be used for.

X-Amzn-Trace-Id: Root=1-5c2a3e7f-534419405f0a9800b1ba9920
X-Forwarded-Port: 443
X-Forwarded-Proto: https
X-Forwarded-Protocol: https
X-Forwarded-Ssl: on
X-Pcibooking-Tokenization-Warnings: [1005] Card type is missing
X-Token: https://service.pcibooking.net/api/payments/paycard/c8882c7d3b6a433f91d64cb21eb70d0a

| Header Name | Description | Should you process this header? |
|---|---|---|
| X-Amzn-Trace-Id | Used for internal diagnostics in PCI Booking. | We recommend keeping the value of this header for logging purposes, although this is not required. |
| X-Forwarded-For | A list of IP addresses that processed this message, starting from the third party and ending with PCI Booking. Read more on processing the list of IP addresses. | We recommend processing the list of IP addresses, particularly if you perform any type of IP address whitelisting. |
| X-Forwarded-Port | The port on which the request was forwarded. Should always be 443. | You can disregard this header. |
| X-Forwarded-Proto, X-Forwarded-Protocol | Both of these headers should have the same value: the protocol that the request was forwarded on. Should always be HTTPS. | You can disregard these headers. |
| X-Forwarded-Ssl | Indicates whether SSL was enabled for the forwarded request. Should always be on. | You can disregard this header. |
| X-Pcibooking-Tokenization-Warnings | A list of warnings if there were any issues with the tokenization process. | We strongly recommend that you process this header and set up a workflow to address these warnings. |
| | The IP address used to send the request. Usually this would be the PCI Booking address, as it was the last server to process the request before it was sent to you. | We recommend using the X-Forwarded-For header as it contains more information, in which case you can disregard this header. |
| X-Token | The card token(s) will be listed in this header in a semicolon-separated list. | We recommend processing this header and allowing for situations where there are multiple tokens listed (in case there are multiple cards in the request). |
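
The following is an added example, not PCI Booking's own code, of a receiver handling the three headers this guide recommends processing: it splits X-Token on semicolons, extracts warning codes, and checks the first X-Forwarded-For hop against an allowlist. The function name `parse_gateway_headers`, the `allowed_origins` parameter, the comma-separated X-Forwarded-For layout, the repeated `[code] text` shape for multiple warnings, and all sample IP addresses and token IDs are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: several warnings repeat the "[code] text" shape shown on this page.
WARNING_RE = re.compile(r"\[(\d+)\]\s*([^\[]*)")

def parse_gateway_headers(headers, allowed_origins):
    """Extract tokens, warnings and the forwarding chain from gateway headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive

    # X-Token: semicolon-separated list, one token per card in the request.
    tokens = [t.strip() for t in h.get("x-token", "").split(";") if t.strip()]

    # X-Pcibooking-Tokenization-Warnings: collect (code, message) pairs.
    raw_warnings = h.get("x-pcibooking-tokenization-warnings", "")
    warnings = [(int(code), msg.strip(" ;,"))
                for code, msg in WARNING_RE.findall(raw_warnings)]

    # X-Forwarded-For: first hop is the third party, last hop is PCI Booking.
    # A malformed entry raises ValueError so a bad chain is rejected, not skipped.
    chain = [ipaddress.ip_address(p.strip())
             for p in h.get("x-forwarded-for", "").split(",") if p.strip()]
    nets = [ipaddress.ip_network(n) for n in allowed_origins]
    # The chain is only meaningful when the connection itself came from the
    # gateway; enforce that separately at the firewall or load balancer.
    origin_allowed = bool(chain) and any(chain[0] in n for n in nets)

    return {"tokens": tokens, "warnings": warnings,
            "chain": chain, "origin_allowed": origin_allowed}

# Constructed sample request (documentation-range IPs, made-up token IDs).
SAMPLE = {
    "X-Forwarded-For": "203.0.113.7, 198.51.100.20",
    "X-Pcibooking-Tokenization-Warnings": "[1005] Card type is missing",
    "X-Token": "https://service.pcibooking.net/api/payments/paycard/aaaa0000;"
               "https://service.pcibooking.net/api/payments/paycard/bbbb1111",
}

if __name__ == "__main__":
    print(parse_gateway_headers(SAMPLE, ["203.0.113.0/24"]))
```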

Updated about a year ago
