Forward card data
This endpoint allows to securely forward cardholder data to a certified third-party provider.
It will inject sensitive cardholder data, referenced by a Commerce token, into the request before forwarding it.
Commerce requires certain HTTP headers for this feature. These headers are reserved and cannot be used by the caller:
| Header | Required | Description |
|---|---|---|
x-api-key | Yes | Authentication of the request. |
x-hellgate-token | Yes | Identify the Commerce token to use for the request. |
x-destination-url | Yes | Define the target URL to which the request shall be forwarded. |
x-hellgate-version | No | Define the API version to use for the request. |
Refer to the general documentation about forwarding senstive data for more information.
Authorizations
Headers
The ID of the Hellgat e token to use for the request.
The target URL to which the request shall be forwarded.
Only allowed target URLs by the merchant can be request.
Body
The payload the caller wants to forward to the third party provider.
To securely handle and inject sensitive cardholder data, predefined templates can be used. These templates help structure and standardize the data injection process while
ensuring compliance with security and regulatory requirements.
| Placeholder | Type | Description |
|---|---|---|
{{ account_number }} | string | The full account number |
{{ cardholder_name }} | string | The name of the cardholder |
{{ expiration_year }} | number | Four digit expiration year |
{{ expiration_month }} | number | Two digit expriation month |
{{ security_code }} | string | The security code - if present |
Placeholder of type number can be unwrapped from the standard string representation.
Response
Success response
The response from the third party provider.