Payment Method Distribution

In addition to the built-in gateway integration, Spreedly also supports the ability to distribute vaulted credit card data to non-gateway, PCI compliant, third parties (referred to as “receivers”). Distribution differs from third party vaulting in that the recipient of the card data is not a known and supported gateway – it can be any third party with whom you do business and is PCI compliant themselves.

How Distribution Works

Using Payment Method Distribution allows you to transact against another service’s API, while still controlling your customer’s card data by vaulting with Spreedly. Consider the following business that needs this ability:

You are a travel service that books accomodations on behalf of your users. You store your customer’s card data in Spreedly up front and use that data to later purchase airline and hotel reservations on behalf of your customers. You only have to ask your customers for their credit card information one time, but can use it to make purchases against several independent services (the airlines, hotels etc…) at booking time. The card data is only transmitted between PCI compliant parties (Spreedly and the airline and hotel endpoints), ensuring compliance with PCI standards.


Spreedly’s payment method distribution functionality enables businesses to transact with multiple PCI-compliant endpoints on behalf of its customers, via a single, consistent, integration.

Single vs. Batch Distribution

Payment method distribution can operate in two modes - single card vs. batch export. If you have an external HTTP API you wish to target that exposes an endpoint that accepts a single card per call, you need the single card mode of PMD. If you have an SFTP endpoint that accepts a file containing multiple cards, then use the batch export mode of PMD.

In both modes, the basic workflow remains the same. You specify a template that tells Spreedly how to format the request, the card or cards to deliver, and Spreedly executes the call on your behalf. Batch export operates in an asynchronous fashion, which involves a little more complexity, but the two modes have more in common than they do otherwise.

Supporting Your Receiver

You can begin developing and testing your PMD workflow using a test receiver. However, before you can distribute real payment method data, you have to get your receiver confirmed and white-listed. Please email the following information to Spreedly to get your receiver in the approval queue. (Alternatively, if you have an existing relationship or contact at the receiver company, you can direct them to Becoming a Receiver. This page is written from their perspective and lets you avoid just being a go-between Spreedly and the receiver.)

  • The receiver name/company along with a link to their public site
  • Proof of the receiver’s level of PCI compliance. Their AOC and most recent security scan usually suffices. Please make sure there is an explicit correlation between the company with the AOC and the API endpoint URL. You can see an example of an AOC and security scan with Spreedly’s own documents which are publicly available.
  • The production URL you will be invoking on the receiver with Spreedly payment data. The production URL must utilize SSL.

We ask that you allow about 2 weeks for Spreedly to approve and configure a receiver for production use. During this time you can begin testing against a test receiver, which allows test payment methods to be delivered to any user-specified endpoint URL.

List of Supported Receivers

We currently support the following receiver types (and their associated whitelisted URLs):

Company Receiver Type and Hostnames
A1 Payments a1_payments
https://www.a1payments.com
Acapture acapture
https://oppwa.com
Ace Rent a Car ace_rent_a_car
https://ota.acerentacar.com
Adquira adquira
https://www.adquiramexico.com.mx
Alliance Reservations Network alliance_reservations_network
https://tripauthority.com
Allianz Global Assistance allianz_global_assistance
https://gateway.americas.allianz-assistance.com
American Express american_express
https://api.qa.americanexpress.com,
https://api.americanexpress.com,
https://www206.americanexpress.com,
https://fsgateway.aexp.com,
sftp://fsgateway.aexp.com
BBC Shop bbc_shop
https://www.bbcshop.com
Bink bink
sftp://sftp.bink.com/
Blackbaud blackbaud
https://payment.service.blackbaudhost.com
Blacklane blacklane
https://sabretsx.blacklane.com
Blue Ribbon Bags blue_ribbon_bags
https://api.blueribbonbags.com
Bluesnap bluesnap
https://ws.bluesnap.com
Booking.com bookingcom
https://secure-distribution-xml.booking.com
Braintree Payments braintree
https://api.braintreegateway.com,
https://www.braintreegateway.com
Cashbackapp Mastercard Member Test Facitilty cashbackapp_mastercard_mtf
https://ws.mastercard.com
Cashbackapp Mastercard cashbackapp_mastercard
https://ws.mastercard.com
Cashbackpoint cashbackpoint
sftp://sftp.cashbackpoint.com
CASHNet cashnet
https://commerce.cashnet.com
Chain Commerce chain_commerce
https://webservices.chaincommerce.com
Clover clover
https://api.clover.com
Cosmic Cart cosmic_cart
https://cosmiccart.com
CrowdTorch crowd_torch
https://embed.laughstub.com
CyberSource cybersource
https://secureacceptance.cybersource.com
Demandware demandware
https://*.demandware.net
DirectConnect direct_connect
https://gateway.1directconnect.com
Diane Von Furstenberg dvf
https://www.dvf.com
Economy Rent a Car economy_rent_a_car
https://production.economyrentacar.com
ePay epay
https://relay.ditonlinebetalingssystem.dk
Electronic Payment Exchange epx
https://secure.epx.com
Eventbrite eventbrite
https://www.eventbriteapi.com
FanXchange fan_xchange
https://www.fanxchange.com,
https://uat-affiliate-api.fanxchange.com,
https://affiliate-api.fanxchange.com
Farelogix farelogix
https://api.farelogix.com
First Data India Pvt Ltd. first_data_india
https://www.firstdatamerchantservices.com
Global Technology Partners global_technology_partners
https://www.gtpsecurecard.com
Golf18Network golf18_network
https://www.golf18network.com
GolfNow golf_now
https://tr.gnsvc.com/
Hertz hertz
https://vv.xnet.hertz.com,
https://ota.dollar.com
JEM Marketing jem_marketing
https://office.j-e-m.com
Lincoln Center lincoln_center
https://lcpatesssoap.lcinc.org,
https://lcpaqatesssoap.lcinc.org
Loyalty Angels Mastercard Member Test Facitilty loyalty_angels_mastercard_mtf
https://ws.mastercard.com
Loyalty Angels Mastercard loyalty_angels_mastercard
https://ws.mastercard.com
Mastercard Member Test Facility mastercard_mtf
https://ws.mastercard.com
Mastercard mastercard
https://ws.mastercard.com
Network for Good network_for_good
https://api.networkforgood.org
NÜ Car Rentals nu_car_rentals
https://wservices.nucarrentals.com:8443
Omnivore omnivore
https://api.omnivore.io/
ONPEX onpex
https://gate.opx.io
Pace Payment Systems pace_payment_systems
https://trans.pacepayment.com
Paycorp paycorp
https://myeftpos.eftpos.co.za
Payflow payflow
https://payflowpro.paypal.com
Paymark Click paymark_click
https://secure.paymarkclick.co.nz
Payvision payvision
https://processor.payvisionservices.com
PrimeSport prime_sport
https://api.primesport.com
PromisePay promisepay
https://centinel600.cardinalcommerce.com/
Qualpay, Inc qualpay
https://api.qualpay.com
RedCoach red_coach
https://websales.redcoachusa.com/
RedShield red_shield
https://emea.red-xml.com:5443
Sabre sabre
https://webservices.sabre.com,
https://webservices3.sabre.com,
https://webservices.havail.sabre.com
Sage Pay sage_pay
https://live.sagepay.com
Shopify shopify
https://elb.deposit.shopifycs.com/
SiteMinder site_minder
https://ws.siteminder.com
Spreedly spreedly
https://core.spreedly.com
Stripe stripe
https://api.stripe.com
SynXis synxis
https://interface.synxis.com
Target target
https://secure-api.target.com
Transcor Data Services tds_tickets
https://gtg.tdstickets.com:38080
Telecharge telecharge
https://xml.telecharge.com,
https://xmlsg.telecharge.com
Tempus Technologies tempus
https://*.spectrumretailnet.com
Tessitura tessitura_ramp
https://*.tessituranetworkramp.com
TicketNetwork.com ticket_network
https://tnwebservices.ticketnetwork.com
TokenEx tokenex
https://api.tokenex.com
Travelfusion travel_fusion
https://api.travelfusion.com
Travelport travelport
https://americas.universal-api.travelport.com
Travolutionary travolutionary
https://services.carsolize.com
TSD tsd
https://weblink.tsdasp.net
Two Tap two_tap
https://api.twotap.com
RentPayment vacation_rent_payment
https://www.rentpayment.com
Viator viator
https://viatorapi.viator.com
Virtual Card Services virtual_card_services
https://www.vcs.co.za
Walpay walpay
https://prod.cc-gw-wal.com
Wantickets wantickets
https://www.wantickets.com
Worldpay RiskGuardian worldpay_riskguardian
https://trx9.wpstn.com/stlinkssl/stlink.dll,
https://trx3.wpstn.com/stlinkssl/stlink.dll,
https://trx1.wpstn.com/stlinkssl/stlink.dll,
https://test1.wpstn.com/stlinkssl/stlink.dll
YapStone yapstone
https://www.vacationrentpayment.com