# Payment encryption When completing a cart payment via API, we provide in transit encryption. After you subscribe, we provide 2 parts to the encryption: 1. **Encryption key**: This key is used to pass payment information for every cart order. 2. **Helper function**: This is code in your app that securely processes the request. There are 2 use cases: 1. **Passthrough**: An end customer pays for a product using their card. This card is used to complete the transaction. 2. **Middleman**: An end customer pays you for a product using their card. Then you pass your card to complete the transaction. Below is a sample helper function that we provide to every customer. ```javascript const crypto = require('crypto') const { v4: uuidv4 } = require('uuid') // Load encryption key from environment (in production) // In this example we're creating a mock key const encryptKey = ENCRYPT_KEY /** * Encrypts payment information with a unique UUID and IV * @param {Object} paymentInfo - Object containing payment details * @returns {Object} - Object containing uuid, encrypted data and IV */ function encryptPaymentInfo(paymentInfo) { // Generate a unique ID for this encryption operation const uuid = uuidv4() // Generate a unique IV for this encryption const iv = crypto.randomBytes(16) // Convert payment info to JSON string const paymentInfoString = JSON.stringify(paymentInfo) // Create cipher with the unique IV const cipher = crypto.createCipheriv('aes-256-cbc', encryptKey, iv) // Encrypt the data let encrypted = cipher.update(paymentInfoString, 'utf8', 'hex') encrypted += cipher.final('hex') // Return both the encrypted data and the IV (as hex) return { encryptedData: encrypted, iv: iv.toString('hex'), } } module.exports = { encryptPaymentInfo } ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.searchagora.com/purchase/payment-encryption.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.