Skip to main content
When using Vault Forward, the authentication to the downstream API is done by passing in the authorization header, you need to pass your own API keys and credentials through the body or headers. For example, when using a bearer token, it needs to be passed in the Vault Forward request as a x-vault-forward-header-authorization header. 
POST /vault-forward
host: api.acme.gr4vy.app
content-type: application/json
x-vault-forward-url: https://example.com/endpoint
x-vault-forward-http-method: PUT
x-vault-forward-header-authorization: Bearer 123
In some situations, passing through the authentication is not technically possible.
  • The downstream service requires the request to be signed
  • The downstream service requires two-way SSL / mutual TLS authentication
  • The downstream service requires the entire payload to be encrypted
For these services, support for advanced authentication has been added.

Setup

To set up advanced authentication, head over to the dashboard, switch to Settings -> Manage merchants then edit a merchant using the actions menu, and then Edit merchant. In a single merchant environment you may be able to go to this screen directly via the Settings -> Configuration menu. Next, switch to the Vault Forwarding tab and you should see the endpoints enabled for your environment.
Vault Forward
When an endpoints supports authentication, for example Visa, the actions menu should have an option to edit the Authentication methods. Select this menu, and it takes you to a new screen to set up an authentication. To set up an authentication method, click the Add authentication, and select the method to add for that endpoint. Fill in any of the required fields, and finally click the Add button.
Vault Forward authentication
Once set up, please note the UUID of each authentication method as you need it in the next step.
Validation: credentials provided are not currently validated or verified. Please ensure the right values are passed, and no extra new lines, spaces, or other characters are filled in.

Usage

To make a Vault Forward request with an authentication method use the x-vault-forward-authentications header with a list of one or more authentication methods UUIDs (comma separated) to use on that request. Each authentication method has its unique UUID that is displayed in the dashboard. 
POST /vault-forward
host: api.acme.gr4vy.app
content-type: application/json
x-vault-forward-url: https://example.com/endpoint
x-vault-forward-http-method: PUT
x-vault-forward-payment-methods: b77fef6d-c360-4b42-8f70-d884f4a6852a
x-valud-forward-authentications: 0a71cd3f-021e-4528-bcd7-38772594634b,2168f3c2-e327-47bd-9d5a-e9cfaeb53e96

{
    "cards": [
        {
            "number": "{{ CARD_NUMBER_1 }}",
            "expiry": "{{ CARD_EXPIRATION_DATE_1 }}",
            "cvv": "123"
        }
    ]
}
Each authentication method is applied to a request before it is sent on to the target endpoint.