Payment encryption
When completing a cart payment via API, we provide in transit encryption.
After you subscribe, we provide 2 parts to the encryption:
Encryption key: This key is used to pass payment information for every cart order.
Helper function: This is code in your app that securely processes the request.
There are 2 use cases:
Passthrough: An end customer pays for a product using their card. This card is used to complete the transaction.
Middleman: An end customer pays you for a product using their card. Then you pass your card to complete the transaction.
Below is a sample helper function that we provide to every customer.
const crypto = require('crypto')
const { v4: uuidv4 } = require('uuid')
// Load encryption key from environment (in production)
// In this example we're creating a mock key
const encryptKey = ENCRYPT_KEY
/**
* Encrypts payment information with a unique UUID and IV
* @param {Object} paymentInfo - Object containing payment details
* @returns {Object} - Object containing uuid, encrypted data and IV
*/
function encryptPaymentInfo(paymentInfo) {
// Generate a unique ID for this encryption operation
const uuid = uuidv4()
// Generate a unique IV for this encryption
const iv = crypto.randomBytes(16)
// Convert payment info to JSON string
const paymentInfoString = JSON.stringify(paymentInfo)
// Create cipher with the unique IV
const cipher = crypto.createCipheriv('aes-256-cbc', encryptKey, iv)
// Encrypt the data
let encrypted = cipher.update(paymentInfoString, 'utf8', 'hex')
encrypted += cipher.final('hex')
// Return both the encrypted data and the IV (as hex)
return {
encryptedData: encrypted,
iv: iv.toString('hex'),
}
}
module.exports = { encryptPaymentInfo }
Last updated
Was this helpful?