Skip to content

Encrypting Card Data

To pull money from an external card, you need to register the card with connectFi first. The /acquiring/register endpoint requires that the card data be either encrypted or tokenized. For more information on tokenization, view the Getting Started > Tokenization section of the connectFi documentation.

One of either the "card" object or the "clearCard" object is required for the /acquiring/register endpoint. When the "clearCard" object is included, then tokenization of sensitive card data is required. The connectFi API uses tokenization to redact the sensitive card details such as the PAN and does not store the security code or card PAN at any point. It is your (the client's) responsibility to ensure that sensitive card data is redacted when being handled in your system.

When the "card" object is utilized, encryption is required. You will need to concatenate and encrypt the card PAN (full 16-digit card number), expiration date and CVV. Here is a code snippet that performs the encryption using the standard node.js crypto module. This example uses the public key method sha256. There are many other implementations for other languages and platforms.

The input arguments required by crypto are the user's public key and the concatenated card data. The result is an encrypted string with a length of 256 bits.

Make sure to npm install --save base64url crypto fs if you do not have these dependencies already in your project.

const pan = '1234567890123456' // the 16 digit Primary Account Number for the card
const expiryYYYYMM = '202211' // the date of expiration for the card
const cvv = '123' // the cvv code on the back of the card
const base64url = require("base64url").default;
const fs = require("fs");
const crypto = require("crypto"); //node standard crypto
const myKey = fs.readFileSync("./public.key");
const rawData = `${pan}|${expiryYYYYMM}|${cvv}`; //1234567890123456|202211|123
const encryptedData = crypto.publicEncrypt({
    key: myKey,
    padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
    oaepHash: "sha256",
  },
    Buffer.from(rawData)
  );
return base64url(encryptedData);