POST /v3/{id}/encryptcardpaymentinfo
curl --request POST \
  --url https://integration-api-cat2.{environment}.ext.{realm}.cia.enfuce.com/card/v3/{id}/encryptcardpaymentinfo \
  --header 'Content-Type: application/json' \
  --data '{
  "encryptionKey": "<string>",
  "encryptionMethod": "RSA_ECB_OAEP_SHA256_MGF1_2048",
  "fields": [
    "fullCardNumber"
  ]
}'
{
  "fullCardNumber": "<string>",
  "expirationDate": "<string>",
  "cvv2": "<string>"
}

This web service returns the card payment information needed for e-commerce payments: full PAN, CVC2/CVV2 and expiry date. The payload is encrypted with an asymmetric public key to enable end-to-end encryption to the cardholder device. Only the fields listed in the request's 'fields' array are returned. The caller is responsible for validating the integrity of the public key.

PCI DSS compliance

Processing of payment information (PAN, expiry, CVC2/CVV2) is subject to strict compliance regulations set by the card schemes. There are multiple ways to access the card payment information in Enfuce's APIs, depending on the client solution and on whether the client is a card scheme member themselves and therefore responsible for compliance.

The least complex way to take this functionality into use and keep your own systems outside the PCI DSS scope is to use the Initiate card data retrieval endpoint (see /v4/card//controlToken below in this document). With that endpoint, the sensitive data is transported end-to-end between Enfuce's service and the cardholder device, which keeps the client's back-end systems outside of PCI DSS scope.

The alternative shown here (Get Card Payment Info) relies on the client being responsible to the card scheme for their own PCI DSS compliance.

Example

// ...

import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

// ...

// Example of how to decrypt an encrypted field
private String decrypt(String data, String privKeyPEM) throws Exception {
    // Prepare the key: drop the PEM header and footer, then all whitespace
    // (covers both LF and CRLF line endings) so only the Base64 body remains
    String privKeyString = privKeyPEM
        .replace("-----BEGIN PRIVATE KEY-----", "")
        .replace("-----END PRIVATE KEY-----", "")
        .replaceAll("\\s", "");
    byte[] encodedKey = Base64.getDecoder().decode(privKeyString);
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(encodedKey);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = kf.generatePrivate(spec);

    // Prepare the decryption
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
    cipher.init(Cipher.DECRYPT_MODE, privateKey);

    // Prepare the data: each encrypted field arrives Base64-encoded
    byte[] cryptogram = Base64.getDecoder().decode(data);

    // Decrypt and decode with an explicit charset rather than the platform default
    byte[] decryptedBytes = cipher.doFinal(cryptogram);
    return new String(decryptedBytes, StandardCharsets.UTF_8);
}
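
The sample above leaves the OAEP parameters to the provider; with the JDK's default SunJCE provider that transformation name means SHA-256 for the OAEP digest but SHA-1 for MGF1, which matters when the decrypting side is not Java. The following added example (not Enfuce's code) pins those parameters explicitly and shows a mismatched MGF1 digest being rejected. Assumptions: the class name `OaepParamsDemo`, the locally generated key pair, the sample plaintext and the local encryption step standing in for the service are all constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class OaepParamsDemo {
    static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // OAEP with SHA-256 as the message digest and an explicitly chosen MGF1 digest.
    static OAEPParameterSpec oaep(MGF1ParameterSpec mgf1) {
        return new OAEPParameterSpec("SHA-256", "MGF1", mgf1, PSource.PSpecified.DEFAULT);
    }

    static String decrypt(String base64, PrivateKey key, OAEPParameterSpec spec) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, key, spec);
        byte[] plain = cipher.doFinal(Base64.getDecoder().decode(base64));
        return new String(plain, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 2048-bit test key pair (a real client loads its own key).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();

        // Local stand-in for the encrypting side (assumption), using provider defaults.
        Cipher enc = Cipher.getInstance(TRANSFORMATION);
        enc.init(Cipher.ENCRYPT_MODE, pair.getPublic());
        byte[] sample = "4000000000000002".getBytes(StandardCharsets.UTF_8); // constructed value
        String field = Base64.getEncoder().encodeToString(enc.doFinal(sample));

        // Explicit parameters equal to the SunJCE defaults decrypt the field.
        System.out.println(decrypt(field, pair.getPrivate(), oaep(MGF1ParameterSpec.SHA1)));

        // Same transformation name, but MGF1 with SHA-256: the padding check fails.
        try {
            decrypt(field, pair.getPrivate(), oaep(MGF1ParameterSpec.SHA256));
        } catch (BadPaddingException e) {
            System.out.println("MGF1 mismatch rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Other providers and languages choose their own MGF1 default, so a non-Java client should set both digests explicitly instead of relying on the algorithm name.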

Path Parameters

id (string, required)

The card id of the given card

Query Parameters

auditUser (string, required)

The audit user under which the request is logged

Body

application/json

Request information needed to encrypt the card payment info

The body is of type object.

Response

200 (application/json)

Successful lookup and encryption of the card payment info.

The response is of type object.