Skip to main content
File Transfer Token Replacement lets you deliver card data to partners via SFTP or FTPS. You upload a file containing card tokens to PCI Booking, which replaces the tokens with real card data and sends the file to the destination server.

How It Works

  1. Your system sends a PUT request to PCI Booking’s SFTP/FTPS relay endpoint, providing the destination host, file path, server credentials, and the file content with card tokens.
  2. PCI Booking applies a content filter to locate tokens in the file, retrieves the real card data, and substitutes it.
  3. The modified file, now containing real card data, is uploaded to the destination SFTP or FTPS server.

Supported File Formats

PCI Booking supports several preset content filters for common file formats:

Authentication

Destination server credentials (username and password) are passed via the HTTP Basic Authorization header on your relay request. PCI Booking uses these credentials to connect to the destination SFTP or FTPS server. Card tokens are specified in the X-PciBooking-cardUri request header.
The reverse operation is also available: you can download a file from an SFTP/FTPS server through PCI Booking, which tokenizes any card data found in the file before returning it to your system. See File Transfer Tokenization.

Next Steps

Token Replacement in Request

Send card data via HTTP proxy instead.

Use Tokens Overview

All detokenization methods.