Encryption
Last updated: Sept 23rd, 8:12pm
Important: PayPal Provisioning Platform is a limited-release solution available only to select partners at this time. For more information, reach out to your PayPal Account Manager.
PayPal recommends and supports encrypting the card PAN when sending sensitive financial instrument identifiers using JWE tokens. JWE PAN encryption is available in the Consumer Referral and the Linked Instruments APIs, in Sandbox and Live environments within the card_accounts
JSON object as follows:
1"card_accounts":[2 {3 "identifier":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBLU9BRVAifQ.FNGgAyitajvujmUMOnXQsSrsEv8jUaBTx3gmaCbspSxqKtiu_8NPLIRoEp3sUhM_SoYfmK4GP--iOST215W7XopN_awjnjDYGuMYd31lT1o02xg1wJjibdHtQpcW3RrBFoEyvmrfN44ZSaXhgkhwaZ1cGR_KgbdvtWm2xEaCV_W6HC78gs5A_4REftp40CT9hC-9lq1TQZh5pQxSRnmPihDfBbkXIm5Arciiyu5f7c6GP_TwRFJmA3gsBFVugUvonT_2QCLAgIASFsFUjvfuxGWgI03diGsKAWxvTniwAW05PnSG5ApK0mykuV50GyJBm9GIcWj1kgZuZcLO3FknWQ.maRfYRn9ObALsUzMLC2spQ.k0BiPAMLNwRIPYRsDnhs7ZBKYWDZghKrqPsD5Ukdefg.GPPSTXo6oYXfH1OxQSTVKw",4 "reference_financial_instrument_id":"B2121XYZ",5 "expiry_date":"2020-12",6 "billing_address":{7 "address_line_1":"2211 N 1st Street",8 "admin_area_1":"CA",9 "admin_area_2":"San Jose",10 "country_code":"US",11 "postal_code":"95035"12 },13 "account_holder_name":{14 "given_name":"John",15 "surname":"Smith"16 }17 }18]
To use JWE PAN Encryption, inform your Solution Engineer so they can provide the appropriate request and the required public certificates needed to encrypt data.
-
Ensure you have received the public certificate signed by PayPal for both Sandbox and Live.
-
Use JSON Compact serialization to assemble the final string as follows:
String Description BASE64URL(UTF8)
JWE Protected Header .BASE64URL
JWE Encrypted Key
Next
- Add card art if you want to use a separate API to add card art.