Use of the production Forward API is subject to eligibility.

Contact your Account Manager for more information or submit an inquiry to our Business Development team.

The available keys on an incoming Forward API request.



A PEM-encoded X.509 certificate for TLS mutual authentication. (sandbox only)

The PEM-encoded private key used to create the CSR that generated the client_cert. (sandbox only)


When config is present it will be used in lieu of the config specified by name. Just like production configs, the types key must be present and must contain the type of the forwarded payment instrument. (sandbox only)


When configs is present it will be used in lieu of the config specified by name. It is a list of configs; the first one with a types key which contains the type of the forwarded payment instrument will be used. (sandbox only)


Only for payment data captured via our deprecated client-side encryption integration

A map containing client-side encrypted values. The decrypted value will be bound to the global variable specified by the key and made available to transformations.


A list of values which are made available to transformations as global variables. (See variable lookup in the functions section.)

When debug_transformations is present no request is sent to the destination. A representation of the request which would have been executed in the absence of debug_transformations is instead returned. The query string which would have been used is returned in the X-Query-String header. (sandbox only)


The unique identifier of the merchant whose Vault will be accessed.



The HTTP method to use when making the request.


The name of the endpoint receiving the card information (used to lookup which config to use for this request). Required in production.


A map structured like the one in template. Used to override the transformations, any transformation which would have written to a part of the template specified here will no-op.


A representation of the body of the request.


The map which will become the query string of the request.

The payment_method_nonce of the payment instrument being forwarded.

The payment_method_token of the payment instrument being forwarded.

The array of payment_method_tokens to forward. Variable bindings are 1-indexed (e.g. $number_1 corresponds to the card number of the first token).

A list of values that are made available to transformations as global variables. They will not be logged by the Forward API.


The URL to which the request will be made.


It's possible that different types of payment instrument will need to be forwarded to different endpoints. urls specifies a list of candidate endpoints to use. Once a config has been chosen the first url matching that config's url regex will be used.

A map of alias -> backing variable name, provided as a convenience for complex integrations forwarding multiple payment methods.