Create Outbound Routes to 3rd-parties

Create Outbound Routes to Each 3rd-party

3rd-party (KYC/AML/ID Verification)

  1. If not already logged in, log into your VGS Dashboard (https://dashboard.verygoodsecurity.com).
  2. On the top, left-hand side, just under the organization name, click on the “Vault” tab.
  3. On the left-hand side, under “Vault”, click on “Routes”.
  4. At the top, just under the “Vault ID”, select the “HTTP” tab.
  5. Under the “HTTP” tab, select the “All” tab.
  6. On the right-hand side, click on “Add Route” and select “Outbound route”.
  7. The following picture highlights, with red boxes, the areas to select/modify in steps #2 through #6.

VGS Dashboard Routes

  1. Under Upstream Host, modify the Upstream Host to point to Prove’s base API endpoint (https://api.staging.payfone.com).
  2. Scroll down to “Filters”.
  3. Under “Conditions” in the default filter, set an OR condition with the following settings: * PathInfo matches “/identity/v2”. This points to your server-side API endpoint destination.
    or
    * PathInfo matches “/identity/verify/v2”. This points to your server-side API endpoint destination.
    or
    * PathInfo matches “/trust/v2”. This points to your server-side API endpoint destination.
  4. Phase: “On request”. This defines the API phase. In this case, this filter will trigger on initial API call.
  5. Scroll down and select the “Basic” tab below “Tag”.
  6. Under “Operation”, select “REVEAL” to reveal the sensitive data alias.
  7. Under “Content Type, select “Json” to identify the content type of the request.
  8. Under “Fields in JSON path”, enter “$.phoneNumber” into field 1.
  9. Scroll down to “Storage” below “Targets”.
  10. Click on “Storage” field and select “Persistent”.
  11. Under “Alias Format”, click the field and select “Account Number - Number Length Preserving (A4) - xxxxxxxxxxxx.
  12. The following pictures highlights, with red boxes, the areas to select/modify in steps #8 through #18.

VGS Dashboard Outbound Routes Upstream Host Prove

VGS Dashboard Outbound Routes Reveal Phone Number Conditions Prove

VGS Dashboard Outbound Routes Reveal Phone Number Variable Prove

  1. Scroll down and hit “Add filter” to add the next filter.
  2. Under “Conditions” in the default filter, set an OR condition with the following settings: * PathInfo matches “/identity/v2”. This points to your server-side API endpoint destination.
    or
    * PathInfo matches “/identity/verify/v2”. This points to your server-side API endpoint destination.
    or
    * PathInfo matches “/trust/v2”. This points to your server-side API endpoint destination.
  3. Phase: “On request”. This defines the API phase. In this case, this filter will trigger on initial API call.
  4. Scroll down and select the “Basic” tab below “Tag”.
  5. Under “Operation”, select “REVEAL” to reveal the sensitive data alias.
  6. Under “Content Type, select “Json” to identify the content type of the request.
  7. Under “Fields in JSON path”, enter “$.ssn” into field 1.
  8. Scroll down to “Storage” below “Targets”.
  9. Click on “Storage” field and select “Persistent”.
  10. Under “Alias Format”, click the field and select “SSN - Format Preserving (A4) - xxx-xx-.
  11. Scroll to the bottom and hit “Save” in the bottom, right-hand side.
  12. Check for successful route update message in green.
  13. The following pictures highlights, with red boxes, the areas to select/modify in steps #20 through #31.

VGS Dashboard Outbound Routes Reveal SSN Conditions Prove

VGS Dashboard Outbound Routes Reveal SSN Variable Prove

VGS Dashboard Outbound Routes Save Confirm Prove

3rd-party (Card Issuance)

  1. On the top, left-hand side, just under the organization name, click on the “Vault” tab.
  2. On the left-hand side, under “Vault”, click on “Routes”.
  3. At the top, just under the “Vault ID”, select the “HTTP” tab.
  4. Under the “HTTP” tab, select the “Outbound” tab.
  5. Scroll down to the outbound route with UPSTREAM set to “api.stripe.com”.
  6. On the right-hand side, click on “Manage”.
  7. The following picture highlights, with red boxes, the areas to select/modify in steps #1 through #6.

VGS Dashboard Routes

  1. Under Upstream Host, review the setting pointing to Stripe’s base API endpoint (https://api.stripe.com).
  2. Scroll down to the bottom of the page.
  3. Hit “Add filter” to add the next filter.
  4. Under “Conditions” in the default filter, set the following:
    * PathInfo matches “/v1/issuing/cardholders”. This points to your server-side API endpoint destination.
  5. Phase: “On request”. This defines the API phase. In this case, this filter will trigger on API call response.
  6. Scroll down and select the “Basic” tab below “Tag”.
  7. Under “Operation”, select “REVEAL” to reveal the sensitive data alias.
  8. Under “Content Type, select “Form” to identify the content type of the request.
  9. Under “Fields in JSON path”, enter “phone_number” into field 1.
  10. Scroll down to “Storage” below “Targets”.
  11. Click on “Storage” field and select “Persistent”.
  12. Under “Alias Format”, click the field and select “Account Number - Number Length Preserving (A4) - xxxxxxxxxxxx.
  13. The following pictures highlights, with red boxes, the areas to select/modify in steps #8 through #19.

VGS Dashboard Outbound Routes Upstream Host Stripe Card Issuance

VGS Dashboard Outbound Route Card Issuance Add Filter Stripe

VGS Dashboard Outbound Routes Reveal Phone Number Conditions Stripe Card Issuance

VGS Dashboard Outbound Routes Reveal Phone Number Variable Stripe Card Issuance

  1. Scroll down and hit “Add filter” to add the next filter.
  2. Under “Conditions” in the default filter, set the following: * PathInfo matches “/v1/issuing/cards/(.*)”. This points to your server-side API endpoint destination.
  3. Phase: “On response”. This defines the API phase. In this case, this filter will trigger on API call response.
  4. Scroll down and select the “Basic” tab below “Tag”.
  5. Under “Operation”, select “REDACT” to secure the sensitive data.
  6. Under “Content Type, select “Json” to identify the content type of the request.
  7. Under “Fields in JSON path”, enter “$.number” into field 1.
  8. Scroll down to “Storage” below “Targets”.
  9. Click on “Storage” field and select “Persistent”.
  10. Under “Alias Format”, click the field and select “Payment Card - Format Preserving, Luhn Valid (6T4)”. .
  11. The following pictures highlights, with red boxes, the areas to select/modify in steps #21 through #30.

VGS Dashboard Outbound Routes Redact PAN Conditions Stripe Card Issuance

VGS Dashboard Outbound Routes Redact PAN Variable Stripe Card Issuance

  1. Scroll down and hit “Add filter” to add the next filter.
  2. Under “Conditions” in the default filter, set an OR condition with the following settings: * PathInfo matches “/v1/issuing/cards/(.*)”. This points to your server-side API endpoint destination.
  3. Phase: “On response”. This defines the API phase. In this case, this filter will trigger on initial API call.
  4. Scroll down and select the “Basic” tab below “Tag”.
  5. Under “Operation”, select “REDACT” to secure the sensitive data.
  6. Under “Content Type, select “Json” to identify the content type of the request.
  7. Under “Fields in JSON path”, enter “$.cvc” into field 1.
  8. Scroll down to “Storage” below “Targets”.
  9. Click on “Storage” field and select “Volatile”.
  10. Under “Alias Format”, click the field and select “Generic VGS Alias (Default) - tok_sandbox_xxxxxxxxxxxxxxxxxxxxxx.
  11. Scroll to the bottom and hit “Save” in the bottom, right-hand side.
  12. Check for successful route update message in green.
  13. The following pictures highlights, with red boxes, the areas to select/modify in steps #32 through #43.

VGS Dashboard Outbound Routes Redact CVC Conditions Stripe Card Issuance

VGS Dashboard Outbound Routes Redact CVC Variable Stripe Card Issuance

VGS Dashboard Outbound Routes Save Confirm Stripe Card Issuance

Congratulations, you have finished this section.