PCI Proxy API
Important – For Non-PCI-DSS Certified Customers Using PCI Proxy
We provide an API endpoint to fetch sensitive card data such as PAN and CVV using Pliant’s PCI Proxy.
This solution is designed for customers who are not PCI-DSS certified, but still need to process sensitive card data programmatically.
- If you want to use card data in a UI, please use our PCI widget solution.
- If you are PCI-DSS certified, please use this flow instead.
Introduction
For non-PCI-DSS certified customers, Pliant provides a secure way to work with sensitive card data — including:
Access to this data is handled through Pliant’s PCI Proxy, ensuring that you never directly see or store the raw sensitive values, while still allowing for secure processing in accordance with PCI-DSS principles.
How It Works
Once PCI Proxy is enabled for your account (we assist with this during onboarding), you can retrieve tokenized card data from Pliant and use it for secure downstream processing.
- Card tokens are provided:
- When issuing a new card
- Or when fetching existing card details
Workflow
- Issue a new card, or select an existing card ID
- Call the endpoint to request tokenized card data:
→/cards/{cardId}/tokenized-pan - Use the token to process a payment through a secure backend or third-party system — without exposing the actual PAN or CVV
This approach allows you to remain outside the PCI-DSS certification scope while still enabling secure, automated card use.
Need Help?
If you need help enabling PCI Proxy or have questions about the integration, contact us at:
📧 [email protected]
Updated 7 days ago