PCI-Proxy Receiver Learn how you can use Payyo as a PULL receiver for PCI-Proxy (PCIP)


Because PCIP will replace the credit card tokens with sensitive data, integrators can't use Payyo's regular message signing for authentication. The solution to this is to create a time-based one-time password that can be used instead of the signature.

  1. Create TOTP
  2. Make request via PCIP
curl -i "https://sandbox.pci-proxy.com/v1/pull" \
  -X POST \
  -u "$PUBLIC_KEY:$TOTP" \
  -H "X-CC-URL: https://api.sandbox.payyo.ch/v1" \
  -H "Content-Type: application/json; charset=utf-8" \
  -d '{"jsonrpc":"2.0","method":"transaction.authorize","params":{"merchant_id":1,"merchant_reference":"10000001","currency":"USD","amount":500,"funding_instrument":{"type":"credit_card","number":"$NUMBER_TOKEN","cvc":"$CVC_TOKEN","holder":"John Doe","expires":"2020-05"}},"id":1}'


Parameter Description Example
$PCIP_MERCHANT_ID PCIP merchant ID 1100015342
$PCIP_SIGN PCIP sign as set in the security settings 527872307111803071
$PUBLIC_KEY Payyo public key. api_e702422d73e2efff455021180ba0
$TOTP Password created using auth.createTotp toop_1180b2422d73a0e70fff45502e2e
$NUMBER_TOKEN The token that was stored for the credit card number 424242SKMPRI4242
$CVC_TOKEN The token that was stored for the CVC dJJ7W-NWRdCzFX2rDf28oIeo


Method Description
BASE64() Encodes a string in base64.