Management of card payment credentials under the ruling of PCI/DSS.
Guardian API (EAP)
https://{cluster_id}.on-hellgate.cloud/
- Managed instance of Guardian CPAhttps://my-cluster-id.on-hellgate.cloud/api/metadata/inquiries 
- curl
- Java
- Node.js
- Ruby
- Go
- Python
curl -i -X POST \
  https://my-cluster-id.on-hellgate.cloud/api/metadata/inquiries \
  -H 'Content-Type: application/json' \
  -H 'x-api-key: YOUR_API_KEY_HERE' \
  -H 'x-idempotency-key: order_12345_retry_001' \
  -d '{
    "source": {
      "type": "pan",
      "account_number": "4111111111111111",
      "expiry_month": 12,
      "expiry_year": 2025,
      "security_code": "123"
    }
  }'Success response
Scheme defines the brand of the card. A co-branded card will return multiple schemes.
The funding type of the card.
The three letter currency code of the card. See: ISO-4217
A two letter country code of the issuer. ISO 3166-1 alpha-2
{ "bin": "411111", "scheme": [ "visa" ], "type": "credit", "segment": "consumer", "currency_code": "EUR", "issuer_name": "Starfish Bank", "issuer_country_code": "DE" }
API Keys
Management of API keys for service access.
The capabilities an API keys has access to can be scoped to these areas:
- API Keys- admin:api-keys:create
- admin:api-keys:read
- admin:api-keys:update
- admin:api-keys:delete
 
- Webhooks- admin:webhooks:create
- admin:webhooks:read
- admin:webhooks:delete
 
- PCI Tokens- pci:tokens:create
- pci:tokens:read
- pci:tokens:update
- pci:tokens:delete
- pci:tokens:forward
 
- Network Tokens- network:tokens:create
- network:tokens:read
- network:tokens:delete
- network:tokens:use
 
- Metadata Inquiries- metadata:inquiry:create
 
Webhooks
Management of webhooks for event notifications.
Guardian uses tiny events as notification payload. They give you the context of what happened and you can use this information to fetch more details via our API.
Please find the documentation about the callback on the endpoint that registers the webhook.