Request
Vault Forward acts as a proxy to your third-party endpoint. You send the request to the Gr4vy API instead of directly to the downstream service, with a few adjustments:- Send the request to
POST /vault-forwardinstead of the downstream URL. - Replace any PCI data in the body with template placeholders, for example
{{ CARD_NUMBER_1 }}. - Add control headers to specify which cards to forward and where to send the request.
- Prefix any downstream headers with
x-vault-forward-header-.
Request headers
*Provide either
x-vault-forward-payment-methods or x-vault-forward-checkout-session — at least one is required.
Payload placeholders
Replace PCI data in the request body with placeholders using{{ PLACEHOLDER }} syntax. The X suffix is the 1-based index of the payment method in the x-vault-forward-payment-methods list.
Authentication
Pass your downstream API credentials through headers using thex-vault-forward-header- prefix:
Response
HTTP status code
Any validation error before forwarding returns a4XX status. In all other cases — including when the downstream service returns an error — the status is 200.
Response headers
Payload
The raw downstream response body is returned as-is. Empty if no response was received.Examples
Explore further
CVV & Secure Fields
Forward a security code collected via Secure Fields or a checkout session
3DS forwarding
Forward 3DS authentication data alongside card details
Network token forwarding
Forward network tokens and cryptograms to third-party endpoints
Advanced authentication
Configure request signing, mutual TLS, or payload encryption
Enable an endpoint
Allow a specific host to receive forwarded PCI data in production