Token Replacement to FTP server

supports both FTPS and SFTP

PCI Booking users (e-commerce sites; e.g., OTAs) who work with third parties and send card data to these third parties by uploading files to the third party's FTP server should use this method.


Supported connections

PCI Booking supports both SFTP and FTPS connections to the third party's FTP server. Please check with your third party which connection type they use.

  • For documentation on token replacement to SFTP, please click here.
  • For documentation on token replacement to FTPS, please click here.

How It Works

The customer will send a request to PCI Booking with the content of the file that needs to be uploaded, the list of tokens that should be included in the file and the FTP server connection details. The request will also include the type of file being uploaded.


Supported file formats

currently, we only support the following types of files:

  • TADC files.
  • CSV files (to AMEX).
    For more information on the supported file types, click here.

If you would like for us to support the file format that your third party uses, please contact our support team with information regarding your third party and the file format and we will add support for your file.

Once the file reaches PCI Booking, our system will retrieve the card details for all of the tokens provided and insert them into the file in the listed order. Once completed, the full file will be uploaded to the FTP server using the connection details provided.

Listing Tokens

With the FTP upload, customers can include multiple cards into the file. Some cards can be listed multiple times in sequence.

In order to provide this information to the PCI Booking system, the tokens need to be provided in the following format:

  • The tokens will be listed as a comma-separated list in the X-PciBooking-carduri header of the request.
  • The tokens will be listed in the order that the cards should be listed in the file.
    • If a card should be listed multiple times in sequence, the number of occurrences of that card should be listed immediately after the token surrounded by square brackets ([,]). If the card should be listed only once, the number of occurrences can be discarded.

For example, if we need to provide three tokens and the second token needs to be listed 3 times and the third token needs to be listed 5 times, the X-PciBooking-carduri header will look like this:,[3],[5]


Providing many tokens

In case you need to send many tokens (hundreds for example), you can list the tokens with only their token ID and not the full URI.
Based on the above example, the X-PciBooking-carduri header will look like this:
555fd7b49f134b42a5dbe4d576b2e527, 1d12f1d2b51f489f811d4f4176fde5f2[3], a24eee22063f4ee2837a925afd0ef7c0[5]

If the number of tokens an occurrences provided is less than the number of credit card locations in the file, the last token listed in the X-PciBooking-carduri header will be repeated for all remaining credit card locations.

Token Replacement Flow

The request will go through the PCI Booking server and will be relayed to the FTP server.

  1. Create the file and set up the list of tokens to be replaced into the file (each token with the number of instances that it should be listed).
  2. Authenticate PCI Booking via an "access token" or a "session token". Read more about our authentication methods.
  3. Prepare the request to the FTP server
  4. Follow the method documentation based on the FTP connection type that the third party uses (SFTP or FTPS) to create the request to the FTP server to be sent via PCI Booking.
  5. PCI Booking will receive the request and perform the token replacement of all listed tokens into the file. The request is then uploaded to the FTP server listed.
  6. PCI Booking relays the response as is.
  7. Process the response received from PCI Booking.