> ## Documentation Index
> Fetch the complete documentation index at: https://docs.y.uno/llms.txt
> Use this file to discover all available pages before exploring further.

# List Destinations

> Retrieve the third-party hosts currently on your PCI Proxy allowlist.

Returns the destinations registered for your account. Only these hosts can be reached by the [forward proxy](/reference/pci-proxy/invoke-forward-proxy). See the [Destination Allowlist guide](/docs/security-and-compliance/pci-proxy/allowlist) for details.


## OpenAPI

````yaml openapi/pci-proxy/manage-destinations.json GET /pci-proxy/destinations
openapi: 3.1.0
info:
  title: pci-proxy-manage-destinations
  version: 1.0.0
servers:
  - url: https://api-sandbox.y.uno/v1
security:
  - sec0: []
    sec1: []
paths:
  /pci-proxy/destinations:
    get:
      summary: List Destinations
      description: >-
        Returns the destinations registered on your account's allowlist. Only
        hosts on this list can be reached by the [forward
        proxy](/reference/pci-proxy/invoke-forward-proxy); a request to any
        other host is rejected with `403 DESTINATION_NOT_ALLOWED`.
      operationId: listPciProxyDestinations
      parameters:
        - name: yuno-account-id
          in: header
          required: false
          description: >-
            Optional account scope. When set, the response contains only that
            account's destinations plus the organization-wide ones. Omit it to
            list all of the organization's destinations.
          schema:
            type: string
            example: acc_123
      responses:
        '200':
          description: The destinations registered for your account.
          content:
            application/json:
              schema:
                type: object
                properties:
                  destinations:
                    type: array
                    items:
                      $ref: '#/components/schemas/Destination'
              example:
                destinations:
                  - id: d7e8f9a0-1234-4b5c-8d6e-7f8091a2b3c4
                    account_id: null
                    hostname: api.example-processor.com
                    status: ENABLED
                    purpose: Direct acquiring — Processor X
                    created_at: '2026-07-09T13:05:36Z'
                    updated_at: '2026-07-09T13:05:36Z'
        '401':
          $ref: '#/components/responses/Unauthorized'
components:
  schemas:
    Destination:
      type: object
      properties:
        id:
          type: string
          format: uuid
          description: >-
            Unique identifier of the destination. Use it to remove the
            destination.
          example: d7e8f9a0-1234-4b5c-8d6e-7f8091a2b3c4
        account_id:
          type: string
          nullable: true
          description: >-
            The account this destination is scoped to, or `null` when it applies
            to the whole organization.
          example: null
        hostname:
          type: string
          description: The registered hostname.
          example: api.example-processor.com
        status:
          type: string
          enum:
            - ENABLED
            - DISABLED
          description: >-
            Whether the destination is active. Only ENABLED destinations are
            used by the forward path.
          example: ENABLED
        purpose:
          type: string
          description: The label you provided when registering the destination.
          example: Direct acquiring — Processor X
        created_at:
          type: string
          format: date-time
          description: When the destination was registered.
          example: '2026-07-09T13:05:36Z'
        updated_at:
          type: string
          format: date-time
          description: When the destination was last changed.
          example: '2026-07-09T13:05:36Z'
    DestinationError:
      type: object
      properties:
        code:
          type: string
          description: Machine-readable error code.
          enum:
            - NOT_AUTHENTICATED
            - AuthenticationFail
            - INVALID_REQUEST
            - INVALID_HOSTNAME
            - INVALID_ACCOUNT_CODE
            - DESTINATION_EXISTS
            - NOT_FOUND
            - INTERNAL_ERROR
        messages:
          type: array
          items:
            type: string
  responses:
    Unauthorized:
      description: Authentication failed. Missing or invalid API credentials.
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/DestinationError'
          examples:
            Not authenticated:
              value:
                code: NOT_AUTHENTICATED
                messages:
                  - not authenticated
  securitySchemes:
    sec0:
      type: apiKey
      in: header
      name: public-api-key
      x-default: <Your public-api-key>
    sec1:
      type: apiKey
      in: header
      name: private-secret-key
      x-default: <Your private-secret-key>

````