Get Card Payment Info
This operation will respond with encrypted card payment info
This is a web service designed to give the card payment information needed for doing e-commerce payments, meaning full PAN, cvc2/cvv2, expiry date. The payload will be encrypted with an asymmetric public key, to enable end-to-end encryption to the card holder device. Only fields listed in the request ‘fields’ object will be returned. The caller is responsible of validating the integrity of the public key.
PCI DSS compliance
Processing payment information (PAN, expiry, CVC2/CVV2) is controlled with strict compliance regulations by the card schemes. There are multiple ways to access the card payment information in Enfuce’s APIs depending on the client solution, and whether the client is a card schema member themselves and therefore responsible for compliance.
The least complex way to take this functionality into use and keep your own systems outside the PCI DSS scope is to use the Initiate card data retrieval ( see /v4/card//controlToken below in this document). With that endpoint, the sensitive data is transported end-to-end between Enfuce’s service and the card-holder device, which keeps the client’s back-end systems outside of PCI DSS scope.
The alternative shown here (Get Card Payment Info) relies on that the client is responsible for PCI DSS compliance themselves to the card schema.
Example
Path Parameters
The card id for given card
Query Parameters
The audit user to log the request
Body
Request information needed to encrypt the card payment info
The body is of type object
.
Response
Successful lookup and encryption of the card payment info.
The response is of type object
.