Hey! These docs are for version 1.0, which is no longer officially supported. Click here for the latest version, 3.0!

Token Replacement to sFTP server

PCI Booking users (e-commerce sites; e.g., OTAs) who work with third parties and send card data to these third parties by uploading files to the third party's sFTP server should use this method.

How It Works

The customer will send a request to PCI Booking with the content of the file that needs to be uploaded, the list of tokens that should be included in the file and the sFTP server connection details. The request will also include the type of file being uploaded.


Supported file formats

currently, we only support the following types of files:

If you would like for us to support the file format that your third party uses, please contact our support team with information regarding your third party and the file format and we will add support for your file.

Once the file reaches PCI Booking, our system will retrieve the card details for all of the tokens provided and insert them into the file in the listed order. Once completed, the full file will be uploaded to the sFTP server using the connection details provided.

Listing Tokens

With the sFTP upload, customers can include multiple cards into the file. Some cards can be listed multiple times in sequence.

In order to provide this information to the PCI Booking system, the tokens need to be provided in the following format:

  • The tokens will be listed as a comma-separated list in the X-PciBooking-carduri header of the request.
  • The tokens will be listed in the order that the cards should be listed in the file.
    • If a card should be listed multiple times in sequence, the number of occurrences of that card should be listed immediately after the token surrounded by square brackets ([,]). If the card should be listed only once, the number of occurrences can be discarded.

For example, if we need to provide three tokens and the second token needs to be listed 3 times and the third token needs to be listed 5 times, the X-PciBooking-carduri header will look like this:
https://service.pcibooking.net/api/payments/paycard/555fd7b49f134b42a5dbe4d576b2e527, https://service.pcibooking.net/api/payments/paycard/1d12f1d2b51f489f811d4f4176fde5f2[3], https://service.pcibooking.net/api/payments/paycard/a24eee22063f4ee2837a925afd0ef7c0[5]


Providing many tokens

In case you need to send many tokens (hundreds for example), you can list the tokens with only their token ID and not the full URI.
Based on the above example, the X-PciBooking-carduri header will look like this:
555fd7b49f134b42a5dbe4d576b2e527, 1d12f1d2b51f489f811d4f4176fde5f2[3], a24eee22063f4ee2837a925afd0ef7c0[5]

If the number of tokens an occurrences provided is less than the number of credit card locations in the file, the last token listed in the X-PciBooking-carduri header will be repeated for all remaining credit card locations.

Token Replacement Flow

The request will go through the PCI Booking server and will be relayed to the sFTP server.

  1. Create the file and set up the list of tokens to be replaced into the file (each token with the number of instances that it should be listed).
  2. Authenticate PCI Booking via an "access token" or a "session token". Read more about our authentication methods.
  3. Prepare the request to the sFTP server
  4. Follow the Token Replacement to sFTP server method documentation to create the request to the sFTP server to be sent via PCI Booking.
  5. PCI Booking will receive the request and perform the token replacement of all listed tokens into the file. The request is then uploaded to the sFTP server listed.
  6. PCI Booking relays the response as is.
  7. Process the response received from PCI Booking.