> ## Documentation Index > Fetch the complete documentation index at: https://developer.hellgate.io/llms.txt > Use this file to discover all available pages before exploring further. # Forward card data > This endpoint allows to securely forward cardholder data to a certified third-party provider. It will inject sensitive cardholder data from the PCI token into the request before forwarding it. ## OpenAPI ````yaml /products/guardian/openapi.yaml post /api/pci/tokens/{id}/forward openapi: 3.1.0 info: title: Guardian API version: '1.0' contact: name: Starfish GmbH & Co. KG email: hello@starfish.team url: https://hellgate.io/cpa/guardian license: name: Hellgate API Terms url: https://hellgate.io/terms-and-conditions servers: - url: https://{cluster_id}.on-hellgate.cloud description: Guardian service instance variables: cluster_id: default: my-cluster-id description: | Guardian is a service of the Hellgate Cloud Platform. The unique cluster-id is used to connect to your instance. security: [] tags: - name: pci description: Management of card payment credentials under the ruling of PCI DSS. - name: network description: Management of network tokens and cryptograms for secure transactions. - name: generic description: Management of generic tokens and their schemas for various use cases. - name: metadata description: Inquiries for card metadata based on PAN, PCI tokens, or network tokens. - name: apikey description: Management of API keys for service access. - name: webhook description: Management of webhooks for event notifications. - name: types description: Management of types for generic token schemas. paths: /api/pci/tokens/{id}/forward: post: tags: - pci summary: Forward card data description: > This endpoint allows to securely forward cardholder data to a certified third-party provider. It will inject sensitive cardholder data from the PCI token into the request before forwarding it. operationId: pci_token_forward parameters: - in: path name: id description: The ID of the token to forward. schema: type: string format: uuid required: true - in: header name: x-destination-url description: > The target URL to which the request shall be forwarded. Guardian forwards calls only to whitelisted destination URLs (major payment providers are included by default). Contact support to whitelist a custom URL. schema: type: string format: uri requestBody: content: application/json: schema: type: object description: > The payload the caller wants to forward to the third party provider. To securely handle and inject sensitive cardholder data, predefined templates can be used. These templates help structure and standardize the data injection process while ensuring compliance with security and regulatory requirements. examples: worldpay: description: Forward a payment request to Worldpay value: transactionReference: My reference instruction: method: card paymentInstrument: type: plain cardNumber: '{{ account_number }}' expiryDate: month: '{{ expiry_month | unwrap }}' year: '{{ expiry_year | unwrap }}' value: currency: EUR amount: 1000 adyen: description: Forward a payment request to Adyen value: paymentMethod: type: scheme number: '{{ account_number }}' expiryMonth: '{{ expiry_month}}' expiryYear: '{{ expiry_year}}' cvc: '{{ security_code }}' application/x-www-form-urlencoded: schema: type: object description: | The content-type can also be `x-www-form-urlencoded`. examples: stripe: description: Forward a payment request to Stripe value: paymentMethod: type: card card: number: '{{ account_number }}' exp_month: '{{ expiry_month}}' exp_year: '{{ expiry_year}}' responses: '200': description: Success response content: application/json: schema: type: object description: The response from the third party provider. application/x-www-form-urlencoded: schema: type: object description: The response from the third party provider. '400': $ref: '#/components/responses/400_BadRequestError' '401': $ref: '#/components/responses/401_UnauthorizedError' '403': $ref: '#/components/responses/403_ForbiddenError' '407': $ref: '#/components/responses/407_ProxyAuthenticationRequiredError' '502': $ref: '#/components/responses/502_BadGatewayError' '503': $ref: '#/components/responses/503_ServiceUnavailableError' '504': $ref: '#/components/responses/504_GatewayTimeoutError' security: - APIKey: [] - AdminToken: [] components: responses: 400_BadRequestError: description: Error response content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 400 message: The request could not be handle due to invalid data classifier: BAD_REQUEST 401_UnauthorizedError: description: Unauthorized content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 401 message: No valid means of authentication was provided classifier: UNAUTHORIZED 403_ForbiddenError: description: Forbidden content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 403 message: Not allowed to access this resource or feature classifier: FORBIDDEN 407_ProxyAuthenticationRequiredError: description: No valid means of authentication was provided for the proxy content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 407 message: Proxy authentication required classifier: PROXY_AUTHENTICATION_REQUIRED 502_BadGatewayError: description: A non-processable response was received from the upstream server content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 502 message: Bad gateway classifier: BAD_GATEWAY 503_ServiceUnavailableError: description: The server is currently not able to handle the request content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 503 message: Service unavailable classifier: SERVICE_UNAVAILABLE 504_GatewayTimeoutError: description: The server did not receive any response in time from the upstream server content: application/json: schema: $ref: '#/components/schemas/ErrorGeneric' example: code: 504 message: Gateway timeout classifier: GATEWAY_TIMEOUT schemas: ErrorGeneric: type: object properties: code: $ref: '#/components/schemas/ErrorStatusCode' classifier: $ref: '#/components/schemas/ErrorClassifier' message: $ref: '#/components/schemas/ErrorMessage' ErrorStatusCode: type: integer description: The corresponding HTTP status code for the error ErrorClassifier: type: string description: Technical code that helps to identify the error ErrorMessage: type: string description: Human readable representation of the error securitySchemes: APIKey: type: apiKey name: x-api-key in: header AdminToken: type: apiKey name: x-admin-token in: header ````