Vault and SDK Model

The Vault & Proxy model treats Hyperswitch as a secure "pipe." You maintain full control over the orchestration logic and the specific API calls sent to processors. In this workflow, the customer enters payment details into the Hyperswitch SDK, which tokenizes the data directly with the Hyperswitch Vault.

Your backend then constructs a request intended for your processor (e.g., Stripe, Adyen) using placeholders instead of raw card data. This request is routed through the Hyperswitch Proxy, which injects the actual card details just before forwarding the request to the processor. This ensures raw card data never touches your servers, while allowing you to maintain your legacy backend logic. This model is ideal if you are planning to keep existing processor integrations (e.g., direct calls to Checkout.com or legacy gateways) but need to remove raw card data from your systems to reduce PCI scope.

Understanding Payment and Vault Flow

Vaulting :

Instead of processing the card immediately, we secure it first and give you a safe reference token.

1. Tokenization (Vault): Sensitive payment data is sent directly from the client to the Hyperswitch Vault. You receive a non-sensitive token in return.

Payment using stored card :

1. Custom Orchestration: Your backend decides exactly when and where to process the payment.

2. Secure Passthrough (Proxy): When you are ready to charge, you send the request to the Hyperswitch Proxy API along with the payment method id, targeting the processor's native endpoint.

3. Redaction & Injection: The Proxy identifies the token in your payload, injects the real card data from the Vault based on the payment method id, and forwards the full request to the processor.

Integration Documetation :

• Vault SDK Integration

• Proxy Payment Integration Guide