{"activeVersionTag":"latest","latestAvailableVersionTag":"latest","collection":{"info":{"_postman_id":"b62c0a19-7847-4425-a959-063c09a4ba3f","name":"Mithras Vault API","description":"## Overview\n\nRemus Vault is a secure API for storing, tokenizing, and proxying sensitive payment card data.\n\n- Data at rest is stored securely and only retrievable with proper authentication.\n    \n- Proxy endpoints support capture from third parties and sending card data to authorized destinations.\n    \n- All sensitive operations require valid credentials and organization-level onboarding.\n    \n\n## Getting Started\n\n1. Contact Mithras Support to request onboarding, development environment and credentials:\n    \n    - Email: [support@mithras.cloud](https://mailto:support@mithras.cloud)\n        \n    - Include your organization details and intended use (storage, capture, send).\n        \n2. Receive from Mithras:\n    \n    - Base API URL (referred to here as `{{vault_endpoint}}`)\n        \n    - API credentials (X-API-Key, X-User-Token)\n        \n    - Any scope- or environment-specific guidance\n        \n3. (Optional, for Send Card) Request target endpoint authorization:\n    \n    - Provide exact HTTPS URL prefix(es) and allowed HTTP method(s) to be whitelisted.\n        \n    - Requests to destinations not explicitly authorized will be rejected.\n        \n\n## Authentication\n\nAll API requests must include the following headers:\n\n- `X-API-Key: {{api_key}}`\n    \n- `X-User-Token: {{user_token}}`\n    \n\nNotes:\n\n- Credentials are issued by Mithras (request via [support@mithras.cloud](https://mailto:support@mithras.cloud)).\n    \n- Additional authorization headers may be required for specific partner flows and will be provided during onboarding if applicable.\n    \n\n## Tokens & Access\n\n- When storing a card, you receive:\n    \n    - `vault_locker` (public token identifying the stored item)\n        \n    - `vault_locker_key` (secret key used to unlock/decrypt when permitted)\n        \n- Treat tokens as secrets. Do not log full values.\n    \n- Viewing unmasked data or CVV may be limited and is auditable; CVV retrieval is explicitly user-driven and can count as a view.\n    \n- Send Card replaces placeholders (e.g. `%CARD_NUMBER%`) in your request body with real data server-side and forwards to authorized destinations.\n    \n\n## Card Data Retrieval\n\n_**If you need to access or retrieve the stored card data, please contact**_ [<i><b>support@mithras.cloud</b></i>](https://mailto:support@mithras.cloud) _**and we will provide you with the relevant documentation and access procedures.**_\n\n## Tokenisation Profiles\n\nTokenisation Profiles define how card data is located and masked in third-party responses (e.g., booking payloads). Profiles are provisioned by Mithras upon request (no charge). Current commonly available profiles include: `channex`, `channex_entity`, and `roomcloud`.\n\nProfile structure (simplified):\n\n``` json\n{\n  \"type\": \"json\",\n  \"schema\": {\n    \"message_node\": { \"selector\": \"$.data\" },\n    \"card_node\": { \"selector\": \"ccData.attributes\" }\n  },\n  \"card_token_placement\": {\n    \"type\": \"card_node\",\n    \"card_token_node\": \"token\"\n  },\n  \"card_node\": {\n    \"card_number\": { \"selector\": \"ccNumber\" },\n    \"cardholder_name\": { \"selector\": \"ccHolder\" },\n    \"expiration_month\": { \"selector\": \"ccExpireDate\", \"transformation\": \"substring:0,2\" },\n    \"expiration_year\": { \"selector\": \"ccExpireDate\", \"transformation\": \"substring:3,7\" },\n    \"service_code\": { \"selector\": \"ccCode\" }\n  }\n}\n\n ```\n\nNotes:\n\n- Use of selectors (e.g., JSONPath) is implementation detail; you only need to specify the profile name provided during onboarding.\n    \n- Ask [support@mithras.cloud](https://mailto:support@mithras.cloud) to add or adjust profiles for your integrations.\n    \n\n### Example Profiles (provisioned by Mithras)\n\nChannex:\n\n``` json\n{\n  \"type\": \"json\",\n  \"schema\": {\n    \"message_node\": { \"selector\": \"$.data\" },\n    \"card_node\": { \"selector\": \"attributes.guarantee\" }\n  },\n  \"card_token_placement\": {\n    \"type\": \"card_node\",\n    \"card_token_node\": \"token\",\n    \"error_node\": \"error\"\n  },\n  \"card_node\": {\n    \"card_number\": { \"selector\": \"card_number\" },\n    \"card_type\": { \"selector\": \"card_type\" },\n    \"cardholder_name\": { \"selector\": \"cardholder_name\" },\n    \"expiration_month\": { \"selector\": \"expiration_date\", \"transformation\": \"substring:0,2\" },\n    \"expiration_year\": { \"selector\": \"expiration_date\", \"transformation\": \"substring:3,7\" },\n    \"service_code\": { \"selector\": \"cvv\" }\n  }\n}\n\n ```\n\nRoomCloud:\n\n``` json\n{\n  \"type\": \"json\",\n  \"schema\": {\n    \"message_node\": { \"selector\": \"$\" },\n    \"card_node\": { \"selector\": \"ccData.attributes\" }\n  },\n  \"card_token_placement\": {\n    \"type\": \"card_node\",\n    \"card_token_node\": \"token\",\n    \"error_node\": \"error\"\n  },\n  \"card_node\": {\n    \"card_number\": { \"selector\": \"ccNumber\" },\n    \"cardholder_name\": { \"selector\": \"ccHolder\" },\n    \"expiration_month\": { \"selector\": \"ccExpireDate\", \"transformation\": \"substring:0,2\" },\n    \"expiration_year\": { \"selector\": \"ccExpireDate\", \"transformation\": \"substring:3,7\" },\n    \"service_code\": { \"selector\": \"ccCode\" }\n  }\n}\n\n ```\n\nContact [support@mithras.cloud](https://mailto:support@mithras.cloud) to enable or customize profiles for your integration.\n\n## Special Requirements\n\n- Send Card Proxy requires prior authorization (whitelisting) of the destination HTTPS endpoint. Submit a request to [support@mithras.cloud](https://mailto:support@mithras.cloud) with the full URL prefix and allowed HTTP methods.\n    \n- Production traffic must use HTTPS exclusively.\n    \n\n## Conventions\n\n- `{{vault_endpoint}}` is a placeholder for your assigned base URL.\n    \n- Example requests include realistic payloads and query parameters; adapt as needed for your integration.","schema":"https://schema.getpostman.com/json/collection/v2.0.0/collection.json","isPublicCollection":false,"owner":"9471013","team":578681,"collectionId":"b62c0a19-7847-4425-a959-063c09a4ba3f","publishedId":"2sB3HnJecX","public":true,"publicUrl":"https://cc-vault-docs.mithras.cloud","privateUrl":"https://go.postman.co/documentation/9471013-b62c0a19-7847-4425-a959-063c09a4ba3f","customColor":{"top-bar":"FFFFFF","right-sidebar":"252525","highlight":"0059db"},"documentationLayout":"classic-double-column","customisation":{"metaTags":[{"name":"description","value":"Documentation for the Mithras CC Vault Service"},{"name":"title","value":"Mithras Vault Docs"}],"appearance":{"default":"dark","themes":[{"name":"dark","logo":"https://content.pstmn.io/7f3c969f-4fe1-448e-8cc1-41ac57e90809/bWl0aHJhc19uZWcucG5n","colors":{"top-bar":"000000","right-sidebar":"252525","highlight":"0059db"}},{"name":"light","logo":"https://content.pstmn.io/7f3c969f-4fe1-448e-8cc1-41ac57e90809/bWl0aHJhc19uZWcucG5n","colors":{"top-bar":"FFFFFF","right-sidebar":"252525","highlight":"0059db"}}]}},"version":"8.10.0","publishDate":"2025-09-08T21:09:25.000Z","activeVersionTag":"latest","documentationTheme":"light","metaTags":{"title":"Mithras Vault Docs","description":"Documentation for the Mithras CC Vault Service"},"logos":{"logoLight":"https://content.pstmn.io/7f3c969f-4fe1-448e-8cc1-41ac57e90809/bWl0aHJhc19uZWcucG5n","logoDark":"https://content.pstmn.io/7f3c969f-4fe1-448e-8cc1-41ac57e90809/bWl0aHJhc19uZWcucG5n"}},"statusCode":200},"environments":[],"user":{"authenticated":false,"permissions":{"publish":false}},"run":{"button":{"js":"https://run.pstmn.io/button.js","css":"https://run.pstmn.io/button.css"}},"web":"https://www.getpostman.com/","team":{"logo":"https://res.cloudinary.com/postman/image/upload/t_team_logo_pubdoc/v1/team/5e262d7af54102b632fbb86dbb1e674808a89ccf14be983a29695f8b0c571c7e","favicon":"https://res.cloudinary.com/postman/image/upload/v1597344420/team/enxtzjrdo9gbgeiq6vro.ico"},"isEnvFetchError":false,"languages":"[{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"HttpClient\"},{\"key\":\"csharp\",\"label\":\"C#\",\"variant\":\"RestSharp\"},{\"key\":\"curl\",\"label\":\"cURL\",\"variant\":\"cURL\"},{\"key\":\"dart\",\"label\":\"Dart\",\"variant\":\"http\"},{\"key\":\"go\",\"label\":\"Go\",\"variant\":\"Native\"},{\"key\":\"http\",\"label\":\"HTTP\",\"variant\":\"HTTP\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"OkHttp\"},{\"key\":\"java\",\"label\":\"Java\",\"variant\":\"Unirest\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"Fetch\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"jQuery\"},{\"key\":\"javascript\",\"label\":\"JavaScript\",\"variant\":\"XHR\"},{\"key\":\"c\",\"label\":\"C\",\"variant\":\"libcurl\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Axios\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Native\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Request\"},{\"key\":\"nodejs\",\"label\":\"NodeJs\",\"variant\":\"Unirest\"},{\"key\":\"objective-c\",\"label\":\"Objective-C\",\"variant\":\"NSURLSession\"},{\"key\":\"ocaml\",\"label\":\"OCaml\",\"variant\":\"Cohttp\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"cURL\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"Guzzle\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"HTTP_Request2\"},{\"key\":\"php\",\"label\":\"PHP\",\"variant\":\"pecl_http\"},{\"key\":\"powershell\",\"label\":\"PowerShell\",\"variant\":\"RestMethod\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"http.client\"},{\"key\":\"python\",\"label\":\"Python\",\"variant\":\"Requests\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"httr\"},{\"key\":\"r\",\"label\":\"R\",\"variant\":\"RCurl\"},{\"key\":\"ruby\",\"label\":\"Ruby\",\"variant\":\"Net::HTTP\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"Httpie\"},{\"key\":\"shell\",\"label\":\"Shell\",\"variant\":\"wget\"},{\"key\":\"swift\",\"label\":\"Swift\",\"variant\":\"URLSession\"}]","languageSettings":[{"key":"csharp","label":"C#","variant":"HttpClient"},{"key":"csharp","label":"C#","variant":"RestSharp"},{"key":"curl","label":"cURL","variant":"cURL"},{"key":"dart","label":"Dart","variant":"http"},{"key":"go","label":"Go","variant":"Native"},{"key":"http","label":"HTTP","variant":"HTTP"},{"key":"java","label":"Java","variant":"OkHttp"},{"key":"java","label":"Java","variant":"Unirest"},{"key":"javascript","label":"JavaScript","variant":"Fetch"},{"key":"javascript","label":"JavaScript","variant":"jQuery"},{"key":"javascript","label":"JavaScript","variant":"XHR"},{"key":"c","label":"C","variant":"libcurl"},{"key":"nodejs","label":"NodeJs","variant":"Axios"},{"key":"nodejs","label":"NodeJs","variant":"Native"},{"key":"nodejs","label":"NodeJs","variant":"Request"},{"key":"nodejs","label":"NodeJs","variant":"Unirest"},{"key":"objective-c","label":"Objective-C","variant":"NSURLSession"},{"key":"ocaml","label":"OCaml","variant":"Cohttp"},{"key":"php","label":"PHP","variant":"cURL"},{"key":"php","label":"PHP","variant":"Guzzle"},{"key":"php","label":"PHP","variant":"HTTP_Request2"},{"key":"php","label":"PHP","variant":"pecl_http"},{"key":"powershell","label":"PowerShell","variant":"RestMethod"},{"key":"python","label":"Python","variant":"http.client"},{"key":"python","label":"Python","variant":"Requests"},{"key":"r","label":"R","variant":"httr"},{"key":"r","label":"R","variant":"RCurl"},{"key":"ruby","label":"Ruby","variant":"Net::HTTP"},{"key":"shell","label":"Shell","variant":"Httpie"},{"key":"shell","label":"Shell","variant":"wget"},{"key":"swift","label":"Swift","variant":"URLSession"}],"languageOptions":[{"label":"C# - HttpClient","value":"csharp - HttpClient - C#"},{"label":"C# - RestSharp","value":"csharp - RestSharp - C#"},{"label":"cURL - cURL","value":"curl - cURL - cURL"},{"label":"Dart - http","value":"dart - http - Dart"},{"label":"Go - Native","value":"go - Native - Go"},{"label":"HTTP - HTTP","value":"http - HTTP - HTTP"},{"label":"Java - OkHttp","value":"java - OkHttp - Java"},{"label":"Java - Unirest","value":"java - Unirest - Java"},{"label":"JavaScript - Fetch","value":"javascript - Fetch - JavaScript"},{"label":"JavaScript - jQuery","value":"javascript - jQuery - JavaScript"},{"label":"JavaScript - XHR","value":"javascript - XHR - JavaScript"},{"label":"C - libcurl","value":"c - libcurl - C"},{"label":"NodeJs - Axios","value":"nodejs - Axios - NodeJs"},{"label":"NodeJs - Native","value":"nodejs - Native - NodeJs"},{"label":"NodeJs - Request","value":"nodejs - Request - NodeJs"},{"label":"NodeJs - Unirest","value":"nodejs - Unirest - NodeJs"},{"label":"Objective-C - NSURLSession","value":"objective-c - NSURLSession - Objective-C"},{"label":"OCaml - Cohttp","value":"ocaml - Cohttp - OCaml"},{"label":"PHP - cURL","value":"php - cURL - PHP"},{"label":"PHP - Guzzle","value":"php - Guzzle - PHP"},{"label":"PHP - HTTP_Request2","value":"php - HTTP_Request2 - PHP"},{"label":"PHP - pecl_http","value":"php - pecl_http - PHP"},{"label":"PowerShell - RestMethod","value":"powershell - RestMethod - PowerShell"},{"label":"Python - http.client","value":"python - http.client - Python"},{"label":"Python - Requests","value":"python - Requests - Python"},{"label":"R - httr","value":"r - httr - R"},{"label":"R - RCurl","value":"r - RCurl - R"},{"label":"Ruby - Net::HTTP","value":"ruby - Net::HTTP - Ruby"},{"label":"Shell - Httpie","value":"shell - Httpie - Shell"},{"label":"Shell - wget","value":"shell - wget - Shell"},{"label":"Swift - URLSession","value":"swift - URLSession - Swift"}],"layoutOptions":[{"value":"classic-single-column","label":"Single Column"},{"value":"classic-double-column","label":"Double Column"}],"versionOptions":[],"environmentOptions":[{"value":"0","label":"No Environment"}],"canonicalUrl":"https://cc-vault-docs.mithras.cloud/view/metadata/2sB3HnJecX"}