Skip to main content
POST
/
pci-proxy
/
destinations
Register Destination
curl --request POST \
  --url https://api-sandbox.y.uno/v1/pci-proxy/destinations \
  --header 'Content-Type: application/json' \
  --header 'private-secret-key: <api-key>' \
  --header 'public-api-key: <api-key>' \
  --data '
{
  "hostname": "api.example-processor.com",
  "purpose": "Direct acquiring — Processor X"
}
'
import requests

url = "https://api-sandbox.y.uno/v1/pci-proxy/destinations"

payload = {
    "hostname": "api.example-processor.com",
    "purpose": "Direct acquiring — Processor X"
}
headers = {
    "public-api-key": "<api-key>",
    "private-secret-key": "<api-key>",
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)

print(response.text)
const options = {
  method: 'POST',
  headers: {
    'public-api-key': '<api-key>',
    'private-secret-key': '<api-key>',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    hostname: 'api.example-processor.com',
    purpose: 'Direct acquiring — Processor X'
  })
};

fetch('https://api-sandbox.y.uno/v1/pci-proxy/destinations', options)
  .then(res => res.json())
  .then(res => console.log(res))
  .catch(err => console.error(err));
<?php

$curl = curl_init();

curl_setopt_array($curl, [
  CURLOPT_URL => "https://api-sandbox.y.uno/v1/pci-proxy/destinations",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => json_encode([
    'hostname' => 'api.example-processor.com',
    'purpose' => 'Direct acquiring — Processor X'
  ]),
  CURLOPT_HTTPHEADER => [
    "Content-Type: application/json",
    "private-secret-key: <api-key>",
    "public-api-key: <api-key>"
  ],
]);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io"
)

func main() {

	url := "https://api-sandbox.y.uno/v1/pci-proxy/destinations"

	payload := strings.NewReader("{\n  \"hostname\": \"api.example-processor.com\",\n  \"purpose\": \"Direct acquiring — Processor X\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("public-api-key", "<api-key>")
	req.Header.Add("private-secret-key", "<api-key>")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := io.ReadAll(res.Body)

	fmt.Println(string(body))

}
HttpResponse<String> response = Unirest.post("https://api-sandbox.y.uno/v1/pci-proxy/destinations")
  .header("public-api-key", "<api-key>")
  .header("private-secret-key", "<api-key>")
  .header("Content-Type", "application/json")
  .body("{\n  \"hostname\": \"api.example-processor.com\",\n  \"purpose\": \"Direct acquiring — Processor X\"\n}")
  .asString();
require 'uri'
require 'net/http'

url = URI("https://api-sandbox.y.uno/v1/pci-proxy/destinations")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true

request = Net::HTTP::Post.new(url)
request["public-api-key"] = '<api-key>'
request["private-secret-key"] = '<api-key>'
request["Content-Type"] = 'application/json'
request.body = "{\n  \"hostname\": \"api.example-processor.com\",\n  \"purpose\": \"Direct acquiring — Processor X\"\n}"

response = http.request(request)
puts response.read_body
{
  "id": 4218,
  "account_code": null,
  "hostname": "api.example-processor.com",
  "status": "ENABLED",
  "purpose": "Direct acquiring — Processor X",
  "created_by": "ops@merchant.com",
  "created_at": "2026-07-09T13:05:36Z",
  "updated_at": "2026-07-09T13:05:36Z"
}
{
  "code": "INVALID_REQUEST",
  "messages": [
    "invalid body"
  ]
}
{
  "code": "NOT_AUTHENTICATED",
  "messages": [
    "not authenticated"
  ]
}
{
  "code": "DESTINATION_EXISTS",
  "messages": [
    "destination already registered"
  ]
}
{
  "code": "INVALID_HOSTNAME",
  "messages": [
    "hostname must be a bare public FQDN with no scheme, port, path, or wildcard"
  ]
}
Adds a host to your account’s destination allowlist. The forward proxy only sends card data to hosts on this list; there is no “any host” mode. See the Destination Allowlist guide for how matching works.
Adding a destination is sensitiveRegistering a host widens where your stored cards can be sent. Restrict who can manage the allowlist and review any unexpected additions.

Authorizations

public-api-key
string
header
default:<Your public-api-key>
required
private-secret-key
string
header
default:<Your private-secret-key>
required

Body

application/json
hostname
string
required

The bare public hostname to allow, without scheme, port, or path (for example api.example-processor.com). Matched exactly, case-insensitive.

Example:

"api.example-processor.com"

purpose
string

An optional human-readable label describing why this host is allowed. Shown when you list destinations.

Example:

"Direct acquiring — Processor X"

account_code
string | null

Optional. Restrict this destination to a single account. Omit (or send null) to allow the host for the whole organization.

Example:

null

Response

The destination was registered.

id
integer<int64>

Unique identifier of the destination. Use it to remove the destination.

Example:

4218

account_code
string | null

The account this destination is scoped to, or null when it applies to the whole organization.

Example:

null

hostname
string

The registered hostname.

Example:

"api.example-processor.com"

status
string

Whether the destination is active.

Example:

"ENABLED"

purpose
string

The label you provided when registering the destination.

Example:

"Direct acquiring — Processor X"

created_by
string

The user who registered the destination.

Example:

"ops@merchant.com"

created_at
string<date-time>

When the destination was registered.

Example:

"2026-07-09T13:05:36Z"

updated_at
string<date-time>

When the destination was last changed.

Example:

"2026-07-09T13:05:36Z"