# Foward card data This endpoint allows to securely forward cardholder data to a certified third-party provider. It will inject sensitive cardholder data from the PCI token into the request before forwarding it. Guardian forwards all headers from the request, except those it uses internally. To override these internal headers, you can provide a key-value pair that replaces the original header with your custom value. The following example demonstrates this use case: In the forwarded call, a header will be set, replacing the Guardian's header. Endpoint: POST /api/pci/tokens/{id}/forward Version: EAP Security: APIKey, AdminToken ## Path parameters: - `id` (string, required) The ID of the token to forward. ## Header parameters: - `x-destination-url` (string) The target URL to which the request shall be forwarded. {% admonition type="info" name="Important information" %} Guardian forwards calls only to whitelisted destination URLs. We include all major payment providers by default. In case you want to forward calls to a custom URL, please contact our support team to get the URL whitelisted. {% /admonition %} ## Response 400 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 401 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 403 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 407 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 502 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 503 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error ## Response 504 fields (application/json): - `code` (integer) The corresponding HTTP status code for the error - `classifier` (string) Technical code that helps to identify the error - `message` (string) Human readable representation of the error