Payment encryption

When completing a cart payment via API, we provide in transit encryption.

After you subscribe, we provide 2 parts to the encryption:

Encryption key: This key is used to pass payment information for every cart order.
Helper function: This is code in your app that securely processes the request.

There are 2 use cases:

Passthrough: An end customer pays for a product using their card. This card is used to complete the transaction.
Middleman: An end customer pays you for a product using their card. Then you pass your card to complete the transaction.

Below is a sample helper function that we provide to every customer.

const crypto = require('crypto')
const { v4: uuidv4 } = require('uuid')

// Load encryption key from environment (in production)
// In this example we're creating a mock key
const encryptKey = ENCRYPT_KEY

/**
 * Encrypts payment information with a unique UUID and IV
 * @param {Object} paymentInfo - Object containing payment details
 * @returns {Object} - Object containing uuid, encrypted data and IV
 */
function encryptPaymentInfo(paymentInfo) {
  // Generate a unique ID for this encryption operation
  const uuid = uuidv4()

  // Generate a unique IV for this encryption
  const iv = crypto.randomBytes(16)

  // Convert payment info to JSON string
  const paymentInfoString = JSON.stringify(paymentInfo)

  // Create cipher with the unique IV
  const cipher = crypto.createCipheriv('aes-256-cbc', encryptKey, iv)

  // Encrypt the data
  let encrypted = cipher.update(paymentInfoString, 'utf8', 'hex')
  encrypted += cipher.final('hex')

  // Return both the encrypted data and the IV (as hex)
  return {
    encryptedData: encrypted,
    iv: iv.toString('hex'),
  }
}

module.exports = { encryptPaymentInfo }

Last updated 10 months ago