Skip to main content
POST
/
pci-proxy
Invoke Forward Proxy
curl --request POST \
  --url https://api-sandbox.y.uno/v1/pci-proxy \
  --header 'Content-Type: application/json' \
  --header 'private-secret-key: <api-key>' \
  --header 'public-api-key: <api-key>' \
  --header 'yuno-proxy-url: <yuno-proxy-url>' \
  --data '
{
  "amount": 2500,
  "currency": "USD",
  "card": {
    "number": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}",
    "exp_month": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}",
    "exp_year": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}",
    "name": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}"
  }
}
'
import requests

url = "https://api-sandbox.y.uno/v1/pci-proxy"

payload = {
    "amount": 2500,
    "currency": "USD",
    "card": {
        "number": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}",
        "exp_month": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}",
        "exp_year": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}",
        "name": "{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}"
    }
}
headers = {
    "yuno-proxy-url": "<yuno-proxy-url>",
    "public-api-key": "<api-key>",
    "private-secret-key": "<api-key>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
  method: 'POST',
  headers: {
    'yuno-proxy-url': '<yuno-proxy-url>',
    'public-api-key': '<api-key>',
    'private-secret-key': '<api-key>',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    amount: 2500,
    currency: 'USD',
    card: {
      number: '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}',
      exp_month: '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}',
      exp_year: '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}',
      name: '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}'
    }
  })
};

fetch('https://api-sandbox.y.uno/v1/pci-proxy', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-sandbox.y.uno/v1/pci-proxy",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => json_encode([
    'amount' => 2500,
    'currency' => 'USD',
    'card' => [
        'number' => '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}',
        'exp_month' => '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}',
        'exp_year' => '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}',
        'name' => '{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}'
    ]
  ]),
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "private-secret-key: <api-key>",
    "public-api-key: <api-key>",
    "yuno-proxy-url: <yuno-proxy-url>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api-sandbox.y.uno/v1/pci-proxy"

	payload := strings.NewReader("{\n  \"amount\": 2500,\n  \"currency\": \"USD\",\n  \"card\": {\n    \"number\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}\",\n    \"exp_month\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}\",\n    \"exp_year\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}\",\n    \"name\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}\"\n  }\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("yuno-proxy-url", "<yuno-proxy-url>")
	req.Header.Add("public-api-key", "<api-key>")
	req.Header.Add("private-secret-key", "<api-key>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://api-sandbox.y.uno/v1/pci-proxy")
  .header("yuno-proxy-url", "<yuno-proxy-url>")
  .header("public-api-key", "<api-key>")
  .header("private-secret-key", "<api-key>")
  .header("Content-Type", "application/json")
  .body("{\n  \"amount\": 2500,\n  \"currency\": \"USD\",\n  \"card\": {\n    \"number\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}\",\n    \"exp_month\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}\",\n    \"exp_year\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}\",\n    \"name\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}\"\n  }\n}")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://api-sandbox.y.uno/v1/pci-proxy")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["yuno-proxy-url"] = '<yuno-proxy-url>'
request["public-api-key"] = '<api-key>'
request["private-secret-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"amount\": 2500,\n  \"currency\": \"USD\",\n  \"card\": {\n    \"number\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.number}}\",\n    \"exp_month\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_month}}\",\n    \"exp_year\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.expiration_year}}\",\n    \"name\": \"{{vaulted_token.1a2b3c4d-5678-90ab-cdef-111213141516.holder_name}}\"\n  }\n}"

response = http.request(request)
puts response.read_body
{}
Forwards your request to the destination in the yuno-proxy-url header, replacing {{vaulted_token.<TOKEN>.<field>}} expressions with real card data inside Yuno’s secure environment. See the Forward Proxy guide for a step-by-step integration.
BetaThe PCI Proxy is in beta and is enabled per account. Contact your Key Account Manager (KAM) to activate it.
Server-side onlyProxy requests detokenize card data and must only be made from your backend. Never expose your private-secret-key in client-side code.
All of GET, POST, PUT, PATCH, and DELETE are supported — the destination receives the same method you used. Path segments and query strings appended after /pci-proxy are appended to the destination URL. If you are a PCI-certified merchant and need the raw card data itself rather than a pass-through call, use Retrieve Enrolled Payment Method by ID PCI Data instead.

Authorizations

public-api-key
string
header
default:<Your public-api-key>
required
private-secret-key
string
header
default:<Your private-secret-key>
required

Headers

yuno-proxy-url
string
required

The full destination URL, including any path (for example https://api.example-processor.com/charges). Must be a public HTTPS hostname on port 443; IP addresses and internal networks are rejected. Any path you append after /pci-proxy is appended to this URL's path, and your request's query string is forwarded. For example, calling /pci-proxy/refunds with yuno-proxy-url: https://api.example-processor.com/charges forwards to https://api.example-processor.com/charges/refunds.

Example:

"https://api.example-processor.com/charges"

yuno-proxy-timeout
integer

Destination timeout in seconds. Default 30, maximum 120.

Required range: 1 <= x <= 120
Example:

30

Body

The body the destination API expects, with vaulted token expressions where card data belongs. The proxy is content-transparent: it forwards your body and Content-Type unchanged and resolves {{vaulted_token.<TOKEN>.<field>}} expressions anywhere in the raw body, so any content type is supported (JSON, form-encoded, XML). The JSON object below is illustrative. Supported fields: number, security_code, expiration_month, expiration_year, holder_name. At most 20 distinct tokens per request; maximum body size 1 MB. Expressions are also resolved in header values. All non-expression content is forwarded untouched.

The body is of type object.

Response

Response from the destination, passed through unchanged (the actual status code is whatever the destination returned; check yuno-proxy-destination-status).

The destination's response body, unchanged.