Management of card payment credentials under the ruling of PCI/DSS.
Guardian API (EAP)
https://{cluster_id}.on-hellgate.cloud/
Request
Create and provision a new network token with a card scheme.
There are three ways to create the token, which depend on the level of your PCI/DSS compliance:
Source | Compliance | Description |
---|---|---|
session | Min. SAQ-A+ | This is the most common way to create a token. It will leverage the SDKs of Guardian to securely capture the cardholder data and send it encrypted to the API. |
pan | Min. SAQ-D+ | In case you have the required compliance to handle cardholder data yourself, you can also just import the full data in exchange for a token. |
pci_token | Min. SAQ-A+ | Use an existing PCI token as source. The network token will be provisioned independently from the PCI token, such that the life-cycles of the tokens are not coupled. |
Currently only Visa, Mastercard, American Express, and Discover are supported as card schemes. The network token will be provisioned with the card scheme.
- Managed instance of Guardian CPA
https://my-cluster-id.on-hellgate.cloud/api/network/tokens
- curl
- Java
- Node.js
- Ruby
- Go
- Python
curl -i -X POST \
https://my-cluster-id.on-hellgate.cloud/api/network/tokens \
-H 'Content-Type: application/json' \
-H 'x-api-key: YOUR_API_KEY_HERE' \
-H 'x-idempotency-key: order_12345_retry_001' \
-d '{
"source": {
"type": "session"
}
}'
{ "session_id": "8744c9ea-a02b-4ae6-875c-b64fc333e3ef" }
- Managed instance of Guardian CPA
https://my-cluster-id.on-hellgate.cloud/api/network/tokens
- curl
- Java
- Node.js
- Ruby
- Go
- Python
curl -i -X GET \
'https://my-cluster-id.on-hellgate.cloud/api/network/tokens?limit=20' \
-H 'x-api-key: YOUR_API_KEY_HERE'
Success response
The ID of the network token at the scheme.
This value is only present if Delegated Authentication is active for the instance.
The ID of the PCI token that represents the card
{ "data": [ { … } ], "links": { "next": "https://my-cluster-id.on-hellgate.cloud/network/tokens?after=123e4567-e89b-12d3-a456-426614174000&limit=20" } }
- Managed instance of Guardian CPA
https://my-cluster-id.on-hellgate.cloud/api/network/tokens/{id}
- curl
- Java
- Node.js
- Ruby
- Go
- Python
curl -i -X GET \
'https://my-cluster-id.on-hellgate.cloud/api/network/tokens/{id}' \
-H 'x-api-key: YOUR_API_KEY_HERE'
Success response.
The ID of the network token at the scheme.
This value is only present if Delegated Authentication is active for the instance.
The ID of the PCI token that represents the card
{ "id": "123e4567-e89b-12d3-a456-426614174000", "created_at": "2023-10-01T12:00:00Z", "card": { "cardholder_name": "John Doe", "expiry_month": 12, "expiry_year": 2025, "masked_account_number": "411111******1111", "scheme": "visa" }, "network_token": { "status": "active", "type": "vts" }, "pci_token_id": "32e4567-e89b-12d3-a456-426614174000" }
API Keys
Management of API keys for service access.
The capabilities an API keys has access to can be scoped to these areas:
- API Keys
admin:api-keys:create
admin:api-keys:read
admin:api-keys:update
admin:api-keys:delete
- Webhooks
admin:webhooks:create
admin:webhooks:read
admin:webhooks:delete
- PCI Tokens
pci:tokens:create
pci:tokens:read
pci:tokens:update
pci:tokens:delete
pci:tokens:forward
- Network Tokens
network:tokens:create
network:tokens:read
network:tokens:delete
network:tokens:use
- Metadata Inquiries
metadata:inquiry:create
Webhooks
Management of webhooks for event notifications.
Guardian uses tiny events as notification payload. They give you the context of what happened and you can use this information to fetch more details via our API.
Please find the documentation about the callback on the endpoint that registers the webhook.