Integrations

Integrations without the hassle

Connect PCI Proxy to the schemes, gateways and PSPs you already use. You integrate via API, SDK or hosted fields: we tokenise card data and you work only with tokens.

4 ways to connect

Card fields in our iFrame

checkout.yourstore.com
4111 •••• •••• iFrame
12/27 iFrame
••• iFrame

Card data stays off your site. You qualify for SAQ A.

Payment Schemes

Supported schemes

We tokenise card data from Visa, Mastercard, Amex and other schemes. The token shows the last digits useful in your UI: the full number stays in our vault.

Visa

Visa

Credit & Debit

Mastercard

Mastercard

Credit & Debit

American Express

American Express

Charge & Credit

Diners Club

Diners Club

International

JCB

JCB

Asia-Pacific

UnionPay

UnionPay

Global Network

Gateway Connectivity

Gateway integration

We sit between your app and your payment gateway. We tokenise card data before it reaches your servers: the gateway you already use can stay as it is.

Proxy in the middle of requests

We intercept API calls, find card numbers and replace them with tokens before the request reaches your backend.

Switch PSP whenever you want

Tokens stay in our vault, not in the gateway. If you change provider you don't need to ask customers for card data again.

Ready-made gateway profiles

We've already configured dozens of gateways: fields, authentication and endpoints. You usually go live in hours, not weeks.

Compatible Gateways

Stripe
Adyen
Mollie
Worldline
Planet
RoxPay RoxPay EU Native
PSP Connectors

Ready PSP connectors

Connectors ready for leading PSPs in Europe and worldwide. We handle authentication, field mapping and error messages: you make a single API call.

Adyen

Adyen

Enterprise

Payments, tokens and recurring billing with Adyen, including 3DS2.

Active connector
RoxPay

RoxPay

EU Native

Native European PSP: tokens, recurring payments and BNPL on a single PCI DSS Level 1 platform.

Native platform
Worldline

Worldline

Global

Worldline gateway: stored payments, recurring billing and tokens already mapped.

Active connector
Planet

Planet

EU Ready

Planet for payments in Europe: tokens, recurring billing and webhooks pre-configured.

Active connector
Enterprise Systems

CRM and ERP

In your CRM and ERP you store tokens, not card data. That way you don't expand PCI scope across your business systems.

Salesforce

Salesforce

CRM

Store tokens as fields on Account, Contact or Opportunity. For a payment use Flow or Apex: Salesforce never sees card data.

ApexFlowsREST API
SAP

SAP

ERP

Integration with SAP S/4HANA and Commerce Cloud via API or middleware. Tokens go into financial modules, not card numbers.

S/4HANACommerce CloudMiddleware
Oracle

Oracle

ERP / Cloud

Oracle Integration Cloud or direct APIs. Tokens flow into Payments, Subscriptions and Hospitality without card data in your systems.

Integration CloudPaymentsHospitality
For developers

REST API and SDK

Versioned APIs, SDKs in five languages and webhooks to know in real time when a token is created.

API versions

Every endpoint has its version (/v1/). Older versions stay active for at least 24 months. We notify you before deprecating them.

Secure access

API key for server calls or OAuth 2.0 for enterprise environments. You can rotate credentials and scope them per operation.

Rate limits

1,000 requests per minute per key (2,000 burst). Custom limits on Enterprise plans. Every response includes X-RateLimit-* headers.

Available SDKs

SDKs for JS, Python, PHP, Java, .NET. Typed models, automatic retry and idempotency included.

JavaScriptPythonPHPJava.NET
POST your-server.com/webhooks/pci
{
  "event": "token.created",
  "timestamp": "2026-04-03T10:15:30Z",
  "data": {
    "token": "tok_pci_eu_a1b2c3d4e5f6",
    "last_four": "1111",
    "brand": "visa",
    "merchant_id": "mrc_xyz789"
  },
  "signature": "sha256=4a8b9c..."
}
sdk-example.js
// Initialise the PCI Proxy SDK
const pciProxy = new PCIProxyClient({
  apiKey: 'sk_live_...',
  region:  'eu'
});

// Tokenise and forward in a single call
const result = await pciProxy.forward({
  token:    "tok_pci_eu_a1b2...",
  gateway:  "stripe",
  amount:   4999,
  currency: "EUR"
});
Hosted Fields

Hosted fields and iFrame

Card fields run in PCI-certified iFrames. Card data never passes through your page's JavaScript or your servers.

SAQ A

Less PCI burden

We serve the fields from a PCI DSS Level 1 environment. You qualify for SAQ A: the lightest questionnaire, with around 22 controls.

CSS API

Your checkout styling

Fonts, colours, borders and error messages configured via CSS API. Fields look like part of your site.

Mobile

Works on mobile

Responsive layout, automatic numeric keyboard and autofill support on any screen.

checkout.your-shop.com

Payment Details

4111 1111 1111 •••• iFrame
12 / 27 iFrame
••• iFrame

Card data protected by PCI Proxy EU. Never reaches your server.

postMessage token response → your page
{
  "token": "tok_pci_eu_a1b2c3d4e5f6",
  "last_four": "1111",
  "brand": "visa"  // card number never exposed
}

Ready to integrate?

Read how it works, explore tokenisation or get in touch: we'll help you connect your stack in a few days.