PCI Vault Logo
Retrieve

With a retrieve endpoint you can give third parties or a web frontend direct access to your data in PCI Vault.

To do this without compromising your passphrase or your authorization details, you can create a shareable unique endpoint. This endpoint can only be used to retrieve data and can be locked down to only specific tokens and references for added security.

POST /retrieve/ Create a Retrieval Endpoint

Create a temporary endpoint that you can share with others without compromising your passphrase. This new endpoint can be used to retrieve data that was encrypted with the provided key. You can also lock down the new endpoint to only retrieve specific tokens or references.

Important: We store an encrypted version of the provided key in our database. This endpoint generates a secret necessary to decrypt the key and then decrypt the captured data. Anybody with the secret can use the generated endpoint to decrypt the data accessible by the new endpoint. We do not store the secret. We recommend that you delete the endpoint after use.

(query)

The identifier for the key that will be used to fetch and decrypt data.

(query)

The passphrase for the key that will be used to fetch and decrypt data.

(query)

A unique name for the endpoint. The uniqueness is enforced across the entire vault, you can't use a unique id that is currently being used by someone else.

(query)

The duration for which the endpoint will be active. This can be specified using a ISO8601 duration string.

(query)

A token to which new endpoint must be locked down. The new endpoint will only have access to this token. If neither token or reference is specified, the new endpoint will have access to all tokens.

(query)

A reference to which new endpoint must be locked down. The new endpoint will only have access to tokens with this reference. If the reference is not specified, the new endpoint will have access to tokens with any reference.

(query)

A comma seperated list of rule ids to apply to the data in order. This does not change stored data.

(header)

Set the Accept header text/html to receive the endpoint data in ready-made HTML code.

POST
https://api.pcivault.io/v1/retrieve/
Accept
application/json
# No Body
Response Code: 200 (example)
GET /retrieve/ List Retrieval Endpoints

List available retrieval endpoints, this list may include expired endpoints. Expired endpoints can't be used and will be deleted.

(query)

Optional key identifier for filtering endpoints.

GET
https://api.pcivault.io/v1/retrieve/
# No Body
Response Code: (example)
GET /retrieve/{unique_id} Use a Retrieval Endpoint to Decrypt a Token

Decrypt or list encrypted data by token from the vault without having access to a key. Use the secret provided when creating this unique endpoint. If the token is provided, decrypted data will be returned, otherwise tokens will be listed.

(path)

The unique id of the endpoint to use.

(query)

The token to retrieve. If left unspecified, this endpoint will generate a tree of available tokens using the supplied reference if applicable.

(query)

The reference by which data must be filtered. If a token has been stored with a reference, both the reference and the token must be supplied in order to decrypt the associated data.

(query)

Limit the number of cards in the tree. This limit 5000 by default. To remove the limit, specify a negative limit. Warning: Your browser might not be able to render too many cards, we recommend you set the limit fairly low when trying this endpoint out.

(header)

The secret associated to the endpoint.

GET
https://api.pcivault.io/v1/retrieve/{unique_id}?limit=250
# No Body
Response Code: 200 (example)
DELETE /retrieve/{unique_id} Delete a Retrieval Endpoint

Delete a retrieval endpoint. Please note that this endpoint can also be used to delete capturing endpoints by specifying a unique id belonging to a capturing endpoint.

(path)

The unique id of the endpoint to delete.

DELETE
https://api.pcivault.io/v1/retrieve/{unique_id}
# No Body
Response Code: 200 (example)