Encryption Keys
Secure your card data with strong encryption
Payment Data Encryption
Never send raw card data directly to your backend or our API. All sensitive payment information must be encrypted client-side before transmission.
Protecting customer payment information is critical. Our API uses strong encryption to safeguard sensitive data. This guide explains how to securely handle encryption for card data in your integration.
Fetching Encryption Keys
To encrypt sensitive card information, you first need to retrieve your unique encryption keys. Make a GET request to:
Parameters
Environment Mode. Available Values: live
, test
Successful Response (200 OK):
Error Response (400 Bad Request):
Indicates an issue with the request, such as an invalid mode
.
Encryption Process
When handling sensitive card data, follow these steps:
-
Fetch the encryption key for your environment (test/live)
-
Format the card data as a JSON string
-
Generate a random initialization vector (IV)
-
Encrypt the data using AES-256-GCM with your encryption key and IV
-
Concatenate the hex-encoded IV, ciphertext, and authentication tag
-
Send the encrypted data to our API
Never send raw card data directly to your backend or our API. Always encrypt it first on the client-side.