Encryption

PayPal recommends and supports encrypting the card PAN when sending sensitive financial instrument identifiers using JWE tokens. JWE PAN encryption is available in the Consumer Referral and the Linked Instruments APIs, in Sandbox and Live environments within the card_accounts JSON object as follows:

1"card_accounts":[  
2    {  
3        "identifier":"eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBLU9BRVAifQ.FNGgAyitajvujmUMOnXQsSrsEv8jUaBTx3gmaCbspSxqKtiu_8NPLIRoEp3sUhM_SoYfmK4GP--iOST215W7XopN_awjnjDYGuMYd31lT1o02xg1wJjibdHtQpcW3RrBFoEyvmrfN44ZSaXhgkhwaZ1cGR_KgbdvtWm2xEaCV_W6HC78gs5A_4REftp40CT9hC-9lq1TQZh5pQxSRnmPihDfBbkXIm5Arciiyu5f7c6GP_TwRFJmA3gsBFVugUvonT_2QCLAgIASFsFUjvfuxGWgI03diGsKAWxvTniwAW05PnSG5ApK0mykuV50GyJBm9GIcWj1kgZuZcLO3FknWQ.maRfYRn9ObALsUzMLC2spQ.k0BiPAMLNwRIPYRsDnhs7ZBKYWDZghKrqPsD5Ukdefg.GPPSTXo6oYXfH1OxQSTVKw",
4        "reference_financial_instrument_id":"B2121XYZ",
5        "expiry_date":"2020-12",
6        "billing_address":{  
7            "address_line_1":"2211 N 1st Street",
8            "admin_area_1":"CA",
9            "admin_area_2":"San Jose",
10            "country_code":"US",
11            "postal_code":"95035"
12        },
13        "account_holder_name":{  
14            "given_name":"John",
15            "surname":"Smith"
16        }
17    }
18]

To use JWE PAN Encryption, inform your Solution Engineer so they can provide the appropriate request and the required public certificates needed to encrypt data.

• Ensure you have received the public certificate signed by PayPal for both Sandbox and Live.

• Use JSON Compact serialization to assemble the final string as follows:

  String	Description
  BASE64URL(UTF8)	JWE Protected Header
  .BASE64URL	JWE Encrypted Key

Next

• Add card art if you want to use a separate API to add card art.