PCI Vault Logo
Stripe

Sending card data to Stripe

PCI Vault has the ability to forward card data to third parties.

In this proxy recipe, we'll detail how to cater to a common use-case, where card data is forwarded to Stripe to create a Payment Method without it ever passing through your own server.

Unlike some other payment gateways, Stripe does not require any complicated hashed signatures or data encryption to be applied on the data. This removes the need to create a custom rule to do all the computation.

Overview

In this proxy recipe, we'll show you how to:

  1. Initiate a proxy request
  2. Handle the response from Stripe

Step 1: Initiate a proxy request

We'll use the Proxy Post endpoint to initiate a proxy request. The following query string parameters are required:

  • token: the token identifying the card we'd like to send to Stripe
  • user: the key used to encrypt the data
  • passphrase: the passphrase for the key used to encrypt the data

The request URL will look like https://api.pcivault.io/v1/proxy/post?token=uniquetoken&user=ABCD&passphrase=secretpassphrase

The request body will look something like this:

{
  "request": {
    "method": "POST",
    "url": "https://api.stripe.com/v1/payment_methods",
    "headers": [
      {
        "Content-Type": "application/x-www-form-urlencoded"
      },
      {
        "Authorization": "Bearer sk_test_*"
      }
    ],
    "body": "type=card&card[number]={{card_number}}&card[exp_month]={{expiry_month}}&card[exp_year]={{expiry_year}}&card[cvc]={{cvv}}&metadata[customer_id]={{customer_id}}&metadata[reference]={{reference}}",
    "extra_data": {
      "customer_id": "customeridentifier",
      "reference": "youruniqueref",
    }
  },
  "synchronous": true
}

We define the proxy request as being a "POST" method, having content-type header of application/x-www-form-urlencoded and we also set our Stripe authentication token as a header. For the body we'll set a mustache template, where PCI Vault will populate the values from the vault before sending the request to Stripe. Note that one can construct the body template string with fields already populated or like in this case, set an extra_data object whose fields will be merged with the stored data before being populated in the mustache template. Using extra_data is often simpler and cleaner than string concatenation.

One optional parameter that is set in this example is "synchronous": true. This will tell PCI Vault to wait for the Stripe response to be returned and will send the result back to us when the request completes.

Step 2: Handle the response from Stripe

The response from Stripe will be wrapped in a JSON object like this:

{
  "id": "SLHpcudvjdUCokB2UCkR4n",
  "status": "success",
  "type": "post",
  "use_static_ip": false,
  "synchronous": true,
  "request": {
    "method": "POST",
    "url": "https://api.stripe.com/v1/payment_methods",
    "headers": [
      {
        "content-type": "application/x-www-form-urlencoded"
      },
      {
        "authorization": "Bearer sk_test_*"
      }
    ],
    "body": "...",
    "extra_data": {
      "customer_id": "customeridentifier",
      "reference": "youruniqueref"
    }
  },
  "webhook": {
    "status": "pending"
  },
  "max_attempts": 1,
  "attempts": 0,
  "debug_mode": false,
  "received": "2025-11-12T14:06:06.621177+00:00",
  "result": {
    "headers": [
      {
        "Content-Type": "application/json"
      },
      ...
    ],
    "body": "[third party resonse as JSON string]",
    "status_code": 200
  }
}

The response from Stripe is in the result field. The body is returned as a JSON string, which can be parsed and handled appropriately.