Exporting Credit Cards

Performing an export from Spreedly to a supported gateway, whether for the purpose of migrating one of your merchants to a new provider or for leaving the Spreedly platform completely, is a self-service process that lets you control the export timing and specifics of the process. If your export destination is not supported by our API, however, we do offer a manual export option.

In both cases, each card exported will count as one transaction against your plan unless you are using store to send the card to a partner endpoint and you are on an annual plan. There is no fee per transaction with partner endpoints on annual plans.

Supported endpoints

For any gateways that support the store transaction, you can perform an automated export. These gateways include:

If your gateway is not listed here, let us know, and we can investigate adding it for you.

Performing the export

To perform an export, iterate through your list of payment method tokens and use the API to copy a payment method currently in your Spreedly vault to the gateway. The response will include the gateway’s identifying token which you can then use to transact directly against the target gateway.


curl https://core.spreedly.com/v1/gateways/LlkjmEk0xNkcWrNixXa1fvNoTP4/store.xml \
  -u 'C7cRfNJGODKh4Iu5Ox3PToKjniY:4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ' \
  -H 'Content-Type: application/xml' \
  -d '<transaction>
    <payment_method_token>EEifwic1wrGaHaRrdBhfLlYqecZ</payment_method_token>
  </transaction>'

You’ll notice in the response that comes back that the ThirdPartyToken payment method has a field called third_party_token. This is the unique ID of the payment method at the gateway.


<transaction>
  <created_at type="dateTime">2017-07-27T17:53:22Z</created_at>
  <updated_at type="dateTime">2017-07-27T17:53:22Z</updated_at>
  <succeeded type="boolean">true</succeeded>
  <token>M6i0pval4KIZBBBGz16ZOqCVhWh</token>
  <state>succeeded</state>
  <gateway_specific_fields nil="true"/>
  <gateway_specific_response_fields>
  </gateway_specific_response_fields>
  <transaction_type>Store</transaction_type>
  <third_party_token nil="true"/>
  <gateway_transaction_id>58</gateway_transaction_id>
  <gateway_latency_ms type="integer">0</gateway_latency_ms>
  <message key="messages.transaction_succeeded">Succeeded!</message>
  <gateway_token>T11bJAANtTWnxl36GYjKWvbNK0g</gateway_token>
  <payment_method>
    <token>2MPedsuenG2o8yFfrsdOBWmOuEf</token>
    <created_at type="dateTime">2017-07-27T17:53:22Z</created_at>
    <updated_at type="dateTime">2017-07-27T17:53:22Z</updated_at>
    <gateway_type>test</gateway_type>
    <storage_state>retained</storage_state>
    <third_party_token>test_vault:4111111111111111</third_party_token>
    <payment_method_type>third_party_token</payment_method_type>
    <errors>
    </errors>
  </payment_method>
  <basis_payment_method>
    <token>EToYqm9L2xXQY0wKt9zh1NO0jlX</token>
    <created_at type="dateTime">2017-07-27T17:53:22Z</created_at>
    <updated_at type="dateTime">2017-07-27T17:53:22Z</updated_at>
    <email nil="true"/>
    <data nil="true"/>
    <storage_state>cached</storage_state>
    <test type="boolean">true</test>
    <last_four_digits>1111</last_four_digits>
    <first_six_digits>411111</first_six_digits>
    <card_type>visa</card_type>
    <first_name>Bob</first_name>
    <last_name>Smith</last_name>
    <month type="integer">2</month>
    <year type="integer">2020</year>
    <address1 nil="true"/>
    <address2 nil="true"/>
    <city nil="true"/>
    <state nil="true"/>
    <zip nil="true"/>
    <country nil="true"/>
    <phone_number nil="true"/>
    <company nil="true"/>
    <full_name>Bob Smith</full_name>
    <eligible_for_card_updater type="boolean">true</eligible_for_card_updater>
    <shipping_address1 nil="true"/>
    <shipping_address2 nil="true"/>
    <shipping_city nil="true"/>
    <shipping_state nil="true"/>
    <shipping_zip nil="true"/>
    <shipping_country nil="true"/>
    <shipping_phone_number nil="true"/>
    <payment_method_type>credit_card</payment_method_type>
    <errors>
    </errors>
    <verification_value>XXX</verification_value>
    <number>XXXX-XXXX-XXXX-1111</number>
    <fingerprint>e3cef43464fc832f6e04f187df25af497994</fingerprint>
  </basis_payment_method>
  <response>
    <success type="boolean">true</success>
    <message>Successful store</message>
    <avs_code nil="true"/>
    <avs_message nil="true"/>
    <cvv_code nil="true"/>
    <cvv_message nil="true"/>
    <pending type="boolean">false</pending>
    <result_unknown type="boolean">false</result_unknown>
    <error_code></error_code>
    <error_detail nil="true"/>
    <cancelled type="boolean">false</cancelled>
    <fraud_review nil="true"/>
    <created_at type="dateTime">2017-07-27T17:53:22Z</created_at>
    <updated_at type="dateTime">2017-07-27T17:53:22Z</updated_at>
  </response>
</transaction>


env = Spreedly::Environment.new('C7cRfNJGODKh4Iu5Ox3PToKjniY', '4UIuWybmdythfNGPqAqyQnYha6s451ri0fYAo4p3drZUi7q2Jf4b7HKg8etDtoKJ', base_url: 'https://core.spreedly.com')
env.store_on_gateway("LlkjmEk0xNkcWrNixXa1fvNoTP4", "56wyNnSmuA6CWYP7w0MiYCVIbW6")

You’ll notice in the response that comes back that the ThirdPartyToken payment method has a field called third_party_token. This is the unique ID of the payment method at the gateway.


#<Spreedly::Store:0x007fe332b17368
@token="EGi7bBA8f01uMlfjjKD2lltB40",
@created_at="2017-07-27T17:53:23Z",
@updated_at="2017-07-27T17:53:23Z",
@state="succeeded",
@message="Succeeded!",
@succeeded="true",
@payment_method,=
#<Spreedly::ThirdPartyToken:0x007fe332a34ba8
@token="H5MWfPUH8DYYLMHrvvIVcicpR6z",
@created_at="2017-07-27T17:53:23Z",
@updated_at="2017-07-27T17:53:23Z",
@gateway_type="test",
@storage_state="retained",
@third_party_token="test_vault:4111111111111111">,
@basis_payment_method,=
#<Spreedly::CreditCard:0x007fe33296a010
@token="1rpKvP8zOUhj4Y9EDrIoIYQzzD5",
@created_at="2017-06-26T17:04:38Z",
@updated_at="2017-07-27T17:53:23Z",
@email="joey@example.com",
@storage_state="retained",
@data="<my_payment_method_identifier>448</my_payment_method_identifier>\n      <extra_stuff>\n        <some_other_things>Can be anything really</some_other_things>\n      </extra_stuff>",
@first_name="Newfirst",
@last_name="Newlast",
@full_name="Newfirst Newlast",
@month="3",
@year="2032",
@number="XXXX-XXXX-XXXX-1111",
@last_four_digits="1111",
@first_six_digits="411111",
@card_type="visa",
@verification_value="",
@address1="",
@address2="",
@city="",
@state="",
@zip="",
@country="",
@phone_number="",
@company="",
@fingerprint="e3cef43464fc832f6e04f187df25af497994",
@eligible_for_card_updater="true",
@errors=[]>,
@response,=
#<Spreedly::Response:0x007fe3328b06d8
@success="true",
@pending="false",
@cancelled="false",
@fraud_review="",
@created_at="2017-07-27T17:53:23Z",
@updated_at="2017-07-27T17:53:23Z",
@message="Successful store",
@avs_code="",
@avs_message="",
@cvv_code="",
@cvv_message="",
@error_code="",
@error_detail="">>

At this point you have a payment method stored at Spreedly and one stored at the gateway (stored in your Spreedly environment as a new third party token payment method). If you are no longer using Spreedly to transact against the payment method and don’t wish to be charged for its storage, you must redact both the original payment method and the third party token payment method created during the store operation.

When performing an export we ask that you limit your requests to no more than five concurrent requests as, for some gateways, the store call can take some time to execute.

Unsupported endpoints

If the location you’re exporting to is not on our supported gateway list, we’ll need to do a manual export of the data. A manual export involves the secure exchange of encrypted files between Spreedly and the PCI compliant third party location. Expect it to take from 3 to 7 days to complete, assuming the third party location you’re exporting to is responsive.

You must provide Spreedly with your environment key(s) where the tokens are located, and a .csv file of the tokens you would like to export. If you’d like to clear out an entire environment, the .csv file is not necessary, but please let us know in your request that you’d like a complete migration.

We will set up an SFTP endpoint on our end and provide the third party you’re exporting the data to with login credentials (encrypted with their PGP key). The third party can retrieve the export file in JSON format from our SFTP endpoint.

After the export is complete, the Spreedly tokens will still remain in your vault. It is your responsiblity to redact any payment data you no longer want Spreedly to store on your behalf.

Note that Spreedly does one free export per merchant for each third party storage service receiving data. Should you or your customer request multiple exports to the same third party storage service, Spreedly will charge for each additional export.

Please contact us to request an export or discuss pricing details.