Welcome to our new developer portal! Use the "Ask" button to chat with our AI Agent.
Ctrlk

Encrypt sensitive data

Encrypt sensitive fields using JWE (RFC 7516) before sending them to D1.

To exchange sensitive information, the D1 eCom Enablement backend expects to receive (or send) sensitive data encrypted using the standard JWE format (https://datatracker.ietf.org/doc/html/rfc7516 ).

Sensitive information is encoded in JSON format before encryption.

D1 eCom Enablement backend uses the following configuration for JWE:

  • JWE base64url encoded string

  • "alg" (Algorithm) header parameter: ECDH-ES

  • "enc" (Encryption Algorithm) header parameter: A256GCM

  • "kid" (Key ID) header parameter: Key identifier corresponding to EC public key of the recipient

  • EC curve: P-256

Examples of sensitive data encryption

This section provides examples for encrypting sensitive fields as a compact JWE.

Example: encrypt card credentials

JSON field
Description
Required
Length

pan

The Primary Account Number

Yes

Up to 19

exp

The expiry date in the format MMYY

Yes

4

EC public key:

{
    "kty": "EC",
    "kid": "ASDsL-Jx2XOkRnFtqW-QblWY-mDnQW2LgapadFx75tA",
    "crv": "P-256",
    "x": "UbInEqNbZZZ9SJptBwKTKO6qslSyuWvMkVK44Bx_d8U",
    "y": "PUxeHMNVL0VRxOYJrkHcpe6sap7IG-Are0QborZDngI"
}

Clear data:

Code samples:

Examples of sensitive data decryption

In this section you can find few examples of a JWE object decryption.

PreviousGet an OAuth 2.0 access token

Last updated

Was this helpful?