Requirements
- Your
public-api-keyandprivate-secret-keyfrom the Yuno Dashboard. - A card stored with Yuno and its
vaulted_token. See Enroll Payment Method. - The destination API you want to call, reachable over HTTPS on port 443.
Build the destination request
Write the request exactly as the destination API expects it — same body shape, same headers — but put vaulted token expressions where the card data belongs:Expressions work in the request body and in header values. Everything that is not an expression is forwarded untouched.The proxy is content-transparent: it forwards your body and
Content-Type unchanged and resolves expressions anywhere in the raw body, so JSON, form-encoded, and XML payloads all work. The example above is JSON, but the destination receives exactly the format you send.Send it through the proxy
Send the request to The HTTP method you use is the method the destination receives. Headers you set for the destination (like
https://api.y.uno/v1/pci-proxy with the destination in the yuno-proxy-url header:Authorization above) pass through; Yuno’s own credential headers and all yuno-* headers are stripped before forwarding.Put the complete destination URL — including its path and any query string — in yuno-proxy-url (for example https://api.example-processor.com/charges/ch_123/capture?expand=true). Do not add a path or query string to the /v1/pci-proxy request itself; a query string on the proxy request is rejected, so that merchant data is never logged.Read the response
The destination’s status code, headers, and body are returned to you unchanged. The proxy adds diagnostic headers:
| Header | Meaning |
|---|---|
yuno-proxy-request-id | Unique identifier of this proxy invocation. Include it in support requests. |
yuno-proxy-destination-status | The HTTP status returned by the destination. Present only when the destination was reached — if it is missing, the failure happened inside Yuno. |
yuno-proxy-replacements | How many expressions were replaced. 0 on a request you expected to be detokenized means your expressions did not match. |
Handle errors
Errors produced by the proxy itself use the standard Yuno error format and never include the
A
yuno-proxy-destination-status header:| HTTP status | Code | Meaning |
|---|---|---|
401 | NOT_AUTHENTICATED / AuthenticationFail | Missing or invalid API credentials |
400 | INVALID_REQUEST | Missing or invalid yuno-proxy-url, an expression or query string in the URL, an invalid yuno-proxy-timeout, or more than 20 distinct tokens in one request |
400 | EXPRESSION_RESOLUTION_FAILED | A vaulted_token does not exist, does not belong to your account, or a referenced field is unavailable |
403 | DESTINATION_NOT_ALLOWED | The destination is not a public HTTPS hostname (IP addresses, non-443 ports, and internal networks are rejected) |
413 | REQUEST_TOO_LARGE | Request body over 1 MB |
429 | TOO_MANY_REQUESTS | Rate limit exceeded |
502 | DESTINATION_UNREACHABLE | The destination could not be reached or closed the connection |
504 | DESTINATION_TIMEOUT | The destination did not respond within the timeout |
500 | PROXY_ERROR | An unexpected error inside the proxy |
401 is returned before your request reaches the proxy, so it does not carry the yuno-proxy-request-id header; every other response does.Any 4xx/5xx accompanied by yuno-proxy-destination-status is the destination’s own error, passed through for you to handle as if you had called it directly.Timeouts
The proxy waits up to 30 seconds for the destination by default. Override it with theyuno-proxy-timeout header (seconds, maximum 120):
Testing in sandbox
Usehttps://api-sandbox.y.uno/v1/pci-proxy with your sandbox credentials and sandbox vaulted_token values. Sandbox tokens resolve to test card numbers, so you can point the proxy at your destination’s own sandbox safely.
Verify your integrationCheck
yuno-proxy-replacements in the response while integrating: it confirms the proxy found and replaced your expressions before forwarding.