Encryption Keys
Protecting customers' payment information is key. Our API uses strong encryption to safeguard sensitive data. This guide explains how to securely handle encryption for card data in your integration.
Fetching Encryption Keys
To encrypt sensitive card information, you'll first need to retrieve your unique encryption keys. To fetch your keys, make a GET request to the following endpoint:
GET /payment-sessions/encryption-keys/:mode
Parameters
Name
Description
Data Type
mode
Environment Mode Available Values: live, test
String
Successful Response (200 OK):
{
"data": {
"encryption_key": "67634cc972d2433b8725c8f6fbfdf792"
}
}
Error Response (400 Bad Request):
Indicates an issue with the request, such as an invalid mode
.
Encrypting Card Data
Once you have your encryption key, use the provided code examples to encrypt card data on the client-side before sending it to our servers.
PHP Example
function card_encrypt($payload, $key) {
$iv = openssl_random_pseudo_bytes(16);
$cipher_text = openssl_encrypt($payload, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $tag);
return implode(':',[bin2hex($iv),bin2hex($cipher_text),bin2hex($tag)]);
}
JavaScript Example
const cardEncrypt = async (payload, encKey) => {
const _iv = getRandomValues(new Uint8Array(12));
const encodedPlaintext = new TextEncoder().encode(payload);
const secretKey = await subtle.importKey(
"raw",
Buffer.from(encKey, "utf8"),
{
name: "AES-GCM",
length: 256,
},
true,
["encrypt", "decrypt"],
);
const cipherText = await subtle.encrypt(
{
name: "AES-GCM",
iv: _iv,
},
secretKey,
encodedPlaintext,
);
const [value, auth_tag] = [
cipherText.slice(0, cipherText.byteLength - 16),
cipherText.slice(cipherText.byteLength - 16),
];
const cipher = Buffer.from(value).toString("hex");
const iv = Buffer.from(_iv).toString("hex");
const tag = Buffer.from(auth_tag).toString("hex");
return [iv, cipher, tag].join(":");
};
Last updated