Encryption Keys

Protecting customers' payment information is key. Our API uses strong encryption to safeguard sensitive data. This guide explains how to securely handle encryption for card data in your integration.

Fetching Encryption Keys

To encrypt sensitive card information, you'll first need to retrieve your unique encryption keys. To fetch your keys, make a GET request to the following endpoint:

GET /payment-sessions/encryption-keys/:mode

Parameters

Name
Description
Data Type

mode

Environment Mode Available Values: live, test

String

Successful Response (200 OK):

{
  "data": {
    "encryption_key": "67634cc972d2433b8725c8f6fbfdf792"
  }
}

Error Response (400 Bad Request):

Indicates an issue with the request, such as an invalid mode.

Encrypting Card Data

Once you have your encryption key, use the provided code examples to encrypt card data on the client-side before sending it to our servers.

Never send raw card data directly to your backend or our API. Always encrypt it first.

PHP Example

function card_encrypt($payload, $key) {
    $iv = openssl_random_pseudo_bytes(16);
    $cipher_text = openssl_encrypt($payload, "aes-256-gcm", $key, OPENSSL_RAW_DATA, $iv, $tag);
    return implode(':',[bin2hex($iv),bin2hex($cipher_text),bin2hex($tag)]);
}

JavaScript Example

const cardEncrypt = async (payload, encKey) => {
  const _iv = getRandomValues(new Uint8Array(12));
  const encodedPlaintext = new TextEncoder().encode(payload);
  const secretKey = await subtle.importKey(
    "raw",
    Buffer.from(encKey, "utf8"),
    {
      name: "AES-GCM",
      length: 256,
    },
    true,
    ["encrypt", "decrypt"],
  );
  const cipherText = await subtle.encrypt(
    {
      name: "AES-GCM",
      iv: _iv,
    },
    secretKey,
    encodedPlaintext,
  );
  const [value, auth_tag] = [
    cipherText.slice(0, cipherText.byteLength - 16),
    cipherText.slice(cipherText.byteLength - 16),
  ];
  const cipher = Buffer.from(value).toString("hex");
  const iv = Buffer.from(_iv).toString("hex");
  const tag = Buffer.from(auth_tag).toString("hex");
  return [iv, cipher, tag].join(":");
};
PreviousOverviewNextInitialize Payment

Last updated