PCI Vault Logo
Enterprise

The Enterprise endpoints are a collection of advanced PCI Vault features that are only available to our Enterprise customers.

POST /update Account Updater beta
PCI DSS Scope: SAQ-A/D
This feature is currently in the "beta" testing phase. The endpoint is live so that you can start building your integration while we finalise and test our implementation. Keep in mind that responses are likely to be queued and there may be a delay to fulfill requests.
The specifications on this endpoint are subject to small changes.

The account updater takes a list of cards and queries the card network for updates of PAN numbers. If an updated PAN is found, it will be stored in a new token.

You can poll the update result by invoking this endpoint. You can also specify a webhook in the request body. Update results will be sent to the webhook.

(query)

The identifier for the key used to originally encrypt the data. All the tokens encrypted by this key will be added to the account updater, unless filtered further by one of the fields below.

(query)

The passphrase for the key used to originally encrypt the data. This is necessary for PCI Vault to decrypt the cards before submitting the data to the Payment Network

(query)

If the token is specified, only the card with this token will be submitted to the account updater.

(query)

The reference by which data must be filtered. If a token has been stored with a reference, both the reference and the token must be supplied in order to submit the associated PAN to the account updater.

(query)

Limit the number of cards to submit and return. This limit is 5000 by default. To remove the limit, specify a negative limit. Warning: Your browser might not be able to render too many cards, we recommend you set the limit fairly low when trying this endpoint out.

(query)

Set this flag to resubmit token which already are in the updater.

(body)

A webhook to reply to when the account updater returned a match.

(body -> webhook)

The URL for the webhook. This must be an https URL.

(body -> webhook)

A secret that will be returned in the webhook call's X-PCIVault-Webhook-Secret header.

(body -> webhook)

A value between 1 and 8 for the maximum amount of times the webhook should be called per token update. Calls to the webhook will stop on a 200 HTTP response, or when max_attempts are reached.

POST
https://api.pcivault.io/v1/update?limit=250&retry=true
Response Code: 200 (example)
POST /find_expired Find Expired Cards
PCI DSS Scope: SAQ-A/D

Find expired cards, and queue notifications for the expiry of non-expired cards.

You will be notified via webhook if a card expires. The webhook will be sent on the first of the month in which the card expires. For example: If the card's expiry date is "03/25", the webhook will be sent on 1 March 2025.

(query)

The identifier for the key used to originally encrypt the data. All the tokens encrypted by this key will be checked, unless filtered further by one of the fields below.

(query)

The passphrase for the key used to originally encrypt the data. This is necessary for PCI Vault to decrypt the cards to check the expiry dates.

(query)

If the token is specified, only the card with this token will be checked for expiry.

(query)

The reference by which data must be filtered. If a token has been stored with a reference, both the reference and the token must be supplied in order to check the expiry date.

(query)

Limit the number of cards to check and return. This limit is 5000 by default. To remove the limit, specify a negative limit. Warning: Your browser might not be able to render too many cards, we recommend you set the limit fairly low when trying this endpoint out.

(query)

A comma seperated list of fields to check for expiry dates. The values expiry, card_expiry, expiry_date, expiration_date, expiration, exp, exp_date, and e will be appended to the list specified in this field. The first field in this list that parses to a valid date will be used as the expiry date.

(body)

A webhook to reply to when the card expired. Leave this as an empty JSON object to disable the webhook.

(body -> webhook)

The URL for the webhook. This must be an https URL.

(body -> webhook)

A secret that will be returned in the webhook call's X-PCIVault-Webhook-Secret header.

(body -> webhook)

A value between 1 and 8 for the maximum amount of times the webhook should be called per token update. Calls to the webhook will stop on a 200 HTTP response, or when max_attempts are reached.

POST
https://api.pcivault.io/v1/find_expired?limit=250
Response Code: 200 (example)