
Objects Card Data(Encrypted)


This method is a more secure way to send credit card data in an API request for the direct card method than the plain card data object (Card Data). Praxis allows you to choose whether your credit card information is sent encrypted or in an open format.
To enable the encrypted method, please send a request to our support email.

{danger.fa-exclamation-triangle} IMPORTANT: In order to collect, store and/or transfer the card details over API the merchant needs to be compliant with PCI DSS.

STRUCTURE - FOR PCI COMPLIANT MERCHANTS

The following definition of the card_data object applies to PCI compliant merchants; here the full card details are sent within the API request body.

✓ - required value
? - optional, value or null
✕ - always appears as null

Variable Type Auth Sale Payout Description
card_number varchar(64) Card number encrypted with aes-256-cbc, see encryption algorithm below
card_exp varchar(32) Card expiration date encrypted with aes-256-cbc, see encryption algorithm below
cvv varchar(32) Card security code encrypted with aes-256-cbc, see encryption algorithm below

The encryption for the card details under card_data object must be done using the aes-256-cbc algorithm.
Key - merchant secret key
IV (Initialization Vector) - timestamp from the request body.

Both values must be left-padded with zeros: the key to 32 characters and the IV to 16 characters, as in the code example below. See an example of such zero-padding:
Before - «SomeSecretKey», after - «0000000000000000000SomeSecretKey»
Before - «1628062452», after - «0000001628062452»

STRUCTURE - HPF

The following definition for card_data object is applicable for HPF integration - card details are collected by Praxis via hosted payment fields integrated on the merchant’s payment page.

✓ - required value
? - optional, value or null
✕ - always appears as null

Variable Type Auth Sale Payout Description
hpf_auth_token text Token is used within HPF, should be received as a result of tokenizeCard function call

CODE EXAMPLE

  /**
   * Method for encryption using AES algorithm
   *
   * @param  string $valueForEncryption  The parameter to be encrypted - card_number, card_exp, cvv
   * @param  string $merchantSecret  Merchant's secret key
   * @param  int $requestTimestamp   Timestamp from the request body
   *
   * @return  string  Base64-encoded ciphertext
   */
  public function encrypt(string $valueForEncryption, string $merchantSecret, int $requestTimestamp) : string
  {
        $method = 'aes-256-cbc';
        // Left-pad the key to 32 bytes and the IV to 16 bytes with '0'
        $key = str_pad($merchantSecret, 32, '0', STR_PAD_LEFT);
        $iv = str_pad((string) $requestTimestamp, 16, '0', STR_PAD_LEFT);
        // OPENSSL_RAW_DATA makes openssl_encrypt return raw bytes, base64-encoded below
        $encrypted = openssl_encrypt($valueForEncryption, $method, $key, OPENSSL_RAW_DATA, $iv);

        return base64_encode($encrypted);
  }

EXAMPLE

{
    "card_number": "ZMq4wDaiaQ/xOwMEcQ7R3ASjTnoOMu+avLuJYgAnz1Q=",
    "card_exp": "WI8V4bE5/l8fIhUv6aMO8w==",
    "cvv": "BCm5yhYeeYoJlsOSIRd8Mg=="
}
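
The same scheme in Node.js, for integrations that are not written in PHP. This is an added example, not Praxis code: it pads the key and IV as described above, rejects over-long values instead of truncating them, and adds a decrypt helper for round-trip checks. The function names, the sample card values and the expiry format `12/2030` are assumptions; the page does not specify the plaintext format of card_exp.

```javascript
// Added example, not Praxis code: Node.js port of the card_data field encryption.
const nodeCrypto = require("crypto");

// Left-pad with ASCII "0" to an exact byte length (PHP's str_pad also counts bytes).
// Longer values are rejected instead of being truncated.
function padLeft(value, length, label) {
  const raw = Buffer.from(String(value), "utf8");
  if (raw.length > length) {
    throw new RangeError(`${label} exceeds ${length} bytes`);
  }
  return Buffer.concat([Buffer.alloc(length - raw.length, "0"), raw]);
}

// aes-256-cbc with default PKCS#7 padding, base64 output, as in the PHP example.
function encryptField(plaintext, merchantSecret, requestTimestamp) {
  const key = padLeft(merchantSecret, 32, "merchant secret");
  const iv = padLeft(requestTimestamp, 16, "request timestamp");
  const cipher = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  const out = Buffer.concat([cipher.update(String(plaintext), "utf8"), cipher.final()]);
  return out.toString("base64");
}

// Inverse operation, useful for verifying an integration end to end.
function decryptField(encoded, merchantSecret, requestTimestamp) {
  const key = padLeft(merchantSecret, 32, "merchant secret");
  const iv = padLeft(requestTimestamp, 16, "request timestamp");
  const decipher = nodeCrypto.createDecipheriv("aes-256-cbc", key, iv);
  const raw = Buffer.from(encoded, "base64");
  return Buffer.concat([decipher.update(raw), decipher.final()]).toString("utf8");
}

// Build the card_data object; all three fields share the request's key and IV.
function buildCardData(card, merchantSecret, requestTimestamp) {
  const enc = (value) => encryptField(value, merchantSecret, requestTimestamp);
  return { card_number: enc(card.number), card_exp: enc(card.exp), cvv: enc(card.cvv) };
}

// Constructed sample input: test card number, assumed expiry format,
// key and timestamp taken from the zero-padding illustration.
const sample = buildCardData(
  { number: "4111111111111111", exp: "12/2030", cvv: "123" },
  "SomeSecretKey",
  1628062452
);
console.log(JSON.stringify(sample, null, 4));
```

Encryption is deterministic for a given key and timestamp, so the timestamp passed here must be the exact value sent in the request body.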