Get Card Payment Info
This web service returns the card payment information needed for e-commerce payments: full PAN, CVC2/CVV2 and expiry date. The payload is encrypted with an asymmetric public key supplied in the request, to enable end-to-end encryption to the cardholder's device. Only the fields listed in the request's `fields` object are returned. The caller is responsible for validating the integrity of the public key.
### PCI DSS compliance
Processing payment information (PAN, expiry, CVC2/CVV2) is subject to strict compliance regulations from the card schemes. There are multiple ways to access the card payment information in Enfuce's APIs, depending on the client solution and on whether the client is a card scheme member themselves and therefore responsible for compliance.

The least complex way to take this functionality into use and keep your own systems outside the PCI DSS scope is to use **Initiate card data retrieval** (see /v4/card/{cardId}/controlToken below in this document). With that endpoint, the sensitive data is transported end-to-end between Enfuce's service and the cardholder's device, which keeps the client's back-end systems outside of PCI DSS scope.

The alternative shown here (Get Card Payment Info) requires that the client is itself responsible for PCI DSS compliance towards the card scheme.
### Example
```java
// ...
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;
// ...
// Example of how to decrypt an encrypted field
private String decrypt(String data, String privKeyPEM) throws Exception {
    // Prepare the key: strip the PEM armor and all whitespace (including \r\n),
    // then parse the remaining Base64 as a PKCS#8 private key
    String privKeyString = privKeyPEM
            .replace("-----BEGIN PRIVATE KEY-----", "")
            .replace("-----END PRIVATE KEY-----", "")
            .replaceAll("\\s", "");
    byte[] encodedKey = Base64.getDecoder().decode(privKeyString);
    PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(encodedKey);
    KeyFactory kf = KeyFactory.getInstance("RSA");
    PrivateKey privateKey = kf.generatePrivate(spec);
    // Prepare the decryption.
    // Note: with the JDK's bundled provider this transformation name uses
    // SHA-256 for the OAEP digest and SHA-1 for MGF1.
    Cipher cipher = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
    cipher.init(Cipher.DECRYPT_MODE, privateKey);
    // Prepare the data: the encrypted field is Base64 encoded
    byte[] cryptogram = Base64.getDecoder().decode(data);
    // Decrypt
    byte[] decryptedBytes = cipher.doFinal(cryptogram);
    // Use an explicit charset instead of the platform default
    return new String(decryptedBytes, StandardCharsets.UTF_8);
}
```
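The overview makes the caller responsible for validating the integrity of the public key sent as `encryptionKey`. The following added example (not Enfuce's code) shows one way a back end can do that before calling the service: it accepts the key only if its SHA-256 fingerprint matches a previously enrolled value and it is a 2048-bit RSA key, as `RSA_ECB_OAEP_SHA256_MGF1_2048` requires. It assumes the key arrives as a PEM-encoded X.509 SubjectPublicKeyInfo and that the fingerprint was enrolled earlier over a trusted channel; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class EncryptionKeyCheck {
    // Accept the key only if its SHA-256 fingerprint matches the enrolled one
    // and it is a 2048-bit RSA key, as RSA_ECB_OAEP_SHA256_MGF1_2048 requires.
    static RSAPublicKey validate(String pem, byte[] enrolledSha256) throws GeneralSecurityException {
        byte[] der = Base64.getDecoder().decode(pem
                .replace("-----BEGIN PUBLIC KEY-----", "")
                .replace("-----END PUBLIC KEY-----", "")
                .replaceAll("\\s", ""));
        byte[] actual = MessageDigest.getInstance("SHA-256").digest(der);
        if (!MessageDigest.isEqual(actual, enrolledSha256)) { // constant-time compare
            throw new GeneralSecurityException("key does not match enrolled fingerprint");
        }
        PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
        RSAPublicKey rsa = (RSAPublicKey) key;
        if (rsa.getModulus().bitLength() != 2048) {
            throw new GeneralSecurityException("expected a 2048-bit RSA key");
        }
        return rsa;
    }

    // Helper for the demo: PEM-encode a public key (assumed transport format).
    static String toPem(PublicKey key) {
        String body = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(key.getEncoded());
        return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: two freshly generated key pairs.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        PublicKey deviceKey = gen.generateKeyPair().getPublic();
        PublicKey otherKey = gen.generateKeyPair().getPublic();
        byte[] enrolled = MessageDigest.getInstance("SHA-256").digest(deviceKey.getEncoded());

        System.out.println("device key bits: " + validate(toPem(deviceKey), enrolled).getModulus().bitLength());
        try {
            validate(toPem(otherKey), enrolled); // a key swapped in transit must fail
        } catch (GeneralSecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```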
`POST /v3/{id}/encryptcardpaymentinfo`
Path Parameters
- `id` (string, required): The card id for the given card

Query Parameters
- `auditUser` (string, required): The audit user to log the request

Body
application/json
- `encryptionKey` (string, required): Public key used to encrypt the fields in the result.
- `encryptionMethod` (enum<string>): In this field the encryption method is selected. This is to prepare for future use since only one method is supported.
  - RSA_ECB_OAEP_SHA256_MGF1_2048 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding. Public key length 2048.

  Available options: RSA_ECB_OAEP_SHA256_MGF1_2048
- `fields` (enum<string>[]): In this field you can list which fields the service should encrypt and return. If a field is not listed, it will be left out from the response. Note that only fullCardNumber and cvv2 will be encrypted.
  - fullCardNumber - PAN number (card number) for the card
  - expirationDate - The expiration date of the card, in format MM/YY
  - cvv2 - The CVV2 (if Visa), or CVC2 (if Mastercard) value

  Available options: fullCardNumber, expirationDate, cvv2

Response
200 - application/json
- `fullCardNumber` (string): The encrypted full card number (PAN). Base64 encoded
- `expirationDate` (string): The expiration date of the card, in format MMYY
- `cvv2` (string): The encrypted CVV2 (if Visa), or CVC2 (if Mastercard) value. Base64 encoded