Token Replacement in Response (Gateway)

PCI Booking users (e-commerce sites; e.g., OTAs) who work with third parties that send requests to the PCI Booking user's APIs to retrieve card details should use the Tokenization Gateway service.

How It Works

The gateway will behave as a sort of "proxy" or "interceptor" for the e-commerce API. It will be set up in such a way that all requests that should go to the e-commerce API would be routed first through the gateway and, from there, relayed to the e-commerce API. The response from the e-commerce's API will be relayed back to the sender through the gateway as well.

The gateway will be configured with a site name of the client's choice and will use the SSL certificate from the client.

The gateway will be set up with a profile for each site. The profile will contain a set of content filters (a set of instructions that indicate where, in the message, is the credit card information located).
Once the response from the e-commerce's API is relayed back through the gateway, the gateway will perform a token replacement and include the card details of the token in the request body.
Then the response will be relayed back to the sender.


Response compression

PCI Booking supports request compression in the formats of gzip and deflate. When sending the response that should be compressed with one of these formats, please add the Content-Encoding header with the value of gzip or deflate. If no compression is necessary, please omit this header from your response.

Request processing

A request will be processed as follows:

  • Third party sends a request to the e-commerce's API.
  • PCI Booking intercepts the request and relays it to the target URI (if necessary, tokenization can be performed at this stage - for more information, please read about Tokenization in Request (Gateway))
  • The e-commerce API processes the request and returns a response which includes the PCI Booking token in a specific header.
  • PCI Booking performs token replacement on the response and the response with the card details is relayed back to the sender.

Setting up a Gateway Endpoint

Setup and configuration of the gateway is done by the PCI Booking support team. In order to set up a new gateway endpoint, please contact our support team and provide the following details:

  • Your username in PCI Booking
  • The target URI that you would like the messages to be relayed to once processing in the gateway has been completed.
  • The structure of the message(s) that should be processed by the gateway (the messages should be either in XML or JSON formats).