Skip to main content
The Storage endpoints provide two complementary mechanisms for persisting private data server-side:
  • Private XML — lightweight, account-scoped XML storage keyed by element namespace. Suitable for preferences and small structured data.
  • Vault — encrypted, PCI/DSS-compliant storage for sensitive information (e.g. payment details). Returns an opaque vaultId so the client never needs to store the raw data locally. Vault items can be searched, shared via time-limited links, and individually deleted.
All endpoints require a valid JWT bearer token. Vault data is encrypted at rest and accessible only to the owning account (or via an authorized vault link).

Endpoints

Private XML vs. vault

Create vault link produces a signed URL that can be distributed to third parties. Links can be:
  • Time-limited — expires after a configurable TTL (seconds).
  • Use-limited — becomes invalid after a set number of accesses.
  • Masked — returns only the masked version of tag values.
Recipients use Content to retrieve the data at the link URL.