# Guardian API

Version: EAP
License: Hellgate API Terms

## Servers

Managed instance of Guardian CPA

```
https://{cluster_id}.on-hellgate.cloud
```

Variables:
- `cluster_id`: Guardian CPA is provided as dedicated managed infrastructure. The unique cluster-id is used to connect to your instance. Default: "my-cluster-id"

## Security

### APIKey

Type: apiKey
In: header
Name: x-api-key

### AdminToken

Type: apiKey
In: header
Name: x-admin-token

## Download OpenAPI description

[Guardian API](https://api-reference.hellgate.io/_spec/products/guardian/guardian-openapi.yaml)

## PCI Tokens

Management of card payment credentials under the ruling of PCI/DSS.

### Create token

- [POST /api/pci/tokens](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_create.md): Create a new token in the PCI/DSS scope. This type of token protects sensitive card payment credentials.

There are two ways to create the token, which depend on the level of your PCI/DSS compliance:

{% table %}
- Source {% width="20%" %}
- Compliance
- Description
---
-
- Min. SAQ-A+
- This is the most common way to create a token. It will leverage the SDKs of Guardian to securely capture the cardholder data and send it encrypted to the API.
---
-
- Min. SAQ-D+
- In case you have the required compliance to handle cardholder data yourself, you can also just import the full data in exchange for a token.
{% /table %}

### Get tokens

- [GET /api/pci/tokens](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_list.md): List all tokens in the PCI/DSS scope.

### Get token details

- [GET /api/pci/tokens/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_get.md): Get a token by its identifier.

### Delete a token

- [DELETE /api/pci/tokens/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_delete.md): Remove a token from the system.

### Check security code

- [GET /api/pci/tokens/{id}/security-code](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_security_code_check.md): Check if the security code is still available for the token.

### Refresh security code

- [POST /api/pci/tokens/{id}/security-code](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_security_code_refresh.md): Request a refresh of the security code for the token.

### Delete security code

- [DELETE /api/pci/tokens/{id}/security-code](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_security_code_delete.md): Remove the security code for the token.

### Forward card data

- [POST /api/pci/tokens/{id}/forward](https://api-reference.hellgate.io/products/guardian/guardian-openapi/pci/pci_token_forward.md): This endpoint lets you securely forward cardholder data to a certified third-party provider. It will inject sensitive cardholder data from the PCI token into the request before forwarding it.

Guardian forwards all headers from the request, except those it uses internally. To override these internal headers, you can provide a key-value pair that replaces the original header with your custom value.

The following example demonstrates this use case: In the forwarded call, a header will be set, replacing the Guardian's header.

## Network Tokens

Management of network tokens, including cryptograms for secure transactions.

### Create token

- [POST /api/network/tokens](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_create.md): Create and provision a new network token with a card scheme.

There are three ways to create the token, which depend on the level of your PCI/DSS compliance:

{% table %}
- Source {% width="20%" %}
- Compliance
- Description
---
-
- Min. SAQ-A+
- This is the most common way to create a token. It will leverage the SDKs of Guardian to securely capture the cardholder data and send it encrypted to the API.
---
-
- Min. SAQ-D+
- In case you have the required compliance to handle cardholder data yourself, you can also just import the full data in exchange for a token.
---
-
- Min. SAQ-A+
- Use an existing PCI token as source. The network token will be provisioned independently from the PCI token, such that the life-cycles of the tokens are not coupled.
{% /table %}

{% admonition type="info" name="Important information" %}
Currently only Visa, Mastercard, American Express, and Discover are supported as card schemes. The network token will be provisioned with the card scheme.
{% /admonition %}

### Get tokens

- [GET /api/network/tokens](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_list.md): List all network tokens.

### Get token details

- [GET /api/network/tokens/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_get.md): Retrieves details of a specific network token by its ID.

### Delete token

- [DELETE /api/network/tokens/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_delete.md): Deletes a specific network token by its ID.

### Request cryptogram

- [POST /api/network/tokens/{id}/cryptograms](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_cryptogram.md): Request a cryptogram (TAAV) for a given network token. The cryptogram is a dynamic value used to authenticate and authorize tokenized transactions, ensuring secure communication with the payment network.

Guardian supports two types of scenarios for cryptograms:

{% table %}
- Type {% width="20%" %}
- Description
---
-
- This type is used in standard e-commerce transactions when a network token is in use.
---
-
- This type is based on a delegated authentication setup with the card schemes and requires prior activation.
{% /table %}

### Get card art

- [GET /api/network/tokens/{id}/card-art](https://api-reference.hellgate.io/products/guardian/guardian-openapi/network/network_token_card_art.md): Get the card art associated with the network token.

## Metadata Inquiries

Inquiries for card metadata based on PAN, PCI tokens, or network tokens.

### Create inquiry

- [POST /api/metadata/inquiries](https://api-reference.hellgate.io/products/guardian/guardian-openapi/metadata/inquiry_create.md): Create a new inquiry for card metadata based on either a PAN, an existing PCI token, or a network token.

## Administration

Administrative operations for managing a Guardian instance, such as API keys.

### Create API key

- [POST /api/admin/api-keys](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_api_key_create.md): Creates a new API key with the specified scopes and expiration time.

### Get API keys

- [GET /api/admin/api-keys](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_api_key_list.md): Retrieves a list of all API keys.

### Get API key details

- [GET /api/admin/api-keys/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_api_key_get.md): Retrieves detailed information about a specific API key.

### Update API key

- [PATCH /api/admin/api-keys/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_api_key_update.md): Updates the scopes of an existing API key.

### Delete API key

- [DELETE /api/admin/api-keys/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_api_key_delete.md): Deletes a specific API key.

### Register webhook

- [POST /api/admin/webhooks](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_webhook_create.md): Register a new webhook and receive callbacks.

### Get webhooks

- [GET /api/admin/webhooks](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_webhook_list.md): List all webhooks known to the system.

### Get webhook details

- [GET /api/admin/webhooks/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_webhook_get.md): Retrieves detailed information about a specific webhook.

### Delete webhook

- [DELETE /api/admin/webhooks/{id}](https://api-reference.hellgate.io/products/guardian/guardian-openapi/admin/admin_webhook_delete.md): Deletes a specific webhook.