Encryption


Last updated: Sept 23rd, 8:12pm

PayPal recommends and supports using JWE tokens to encrypt the card PAN when you send sensitive financial instrument identifiers. JWE PAN encryption is available in the Consumer Referral and Linked Instruments APIs, in both the Sandbox and Live environments. The encrypted value is sent within the card_accounts JSON object as follows:

    "card_accounts": [
      {
        "identifier": "eyJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBLU9BRVAifQ.FNGgAyitajvujmUMOnXQsSrsEv8jUaBTx3gmaCbspSxqKtiu_8NPLIRoEp3sUhM_SoYfmK4GP--iOST215W7XopN_awjnjDYGuMYd31lT1o02xg1wJjibdHtQpcW3RrBFoEyvmrfN44ZSaXhgkhwaZ1cGR_KgbdvtWm2xEaCV_W6HC78gs5A_4REftp40CT9hC-9lq1TQZh5pQxSRnmPihDfBbkXIm5Arciiyu5f7c6GP_TwRFJmA3gsBFVugUvonT_2QCLAgIASFsFUjvfuxGWgI03diGsKAWxvTniwAW05PnSG5ApK0mykuV50GyJBm9GIcWj1kgZuZcLO3FknWQ.maRfYRn9ObALsUzMLC2spQ.k0BiPAMLNwRIPYRsDnhs7ZBKYWDZghKrqPsD5Ukdefg.GPPSTXo6oYXfH1OxQSTVKw",
        "reference_financial_instrument_id": "B2121XYZ",
        "expiry_date": "2020-12",
        "billing_address": {
          "address_line_1": "2211 N 1st Street",
          "admin_area_1": "CA",
          "admin_area_2": "San Jose",
          "country_code": "US",
          "postal_code": "95035"
        },
        "account_holder_name": {
          "given_name": "John",
          "surname": "Smith"
        }
      }
    ]

To use JWE PAN Encryption, inform your Solution Engineer so they can provide the appropriate request and the public certificates required to encrypt data.

• Ensure you have received the public certificate signed by PayPal for both Sandbox and Live.

• Use JSON Compact serialization to assemble the final string as follows:

      String              Description
      BASE64URL(UTF8)     JWE Protected Header
      .BASE64URL          JWE Encrypted Key
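An added example, not PayPal's code: a pre-send check that each card_accounts identifier is a five-segment compact JWE (the layout RFC 7516 defines) carrying the alg/enc pair found in the sample token's protected header, rather than a clear PAN. The function names and the RSA-2048 key size are assumptions.

```python
import base64
import json
import re

# Assumed policy: the alg/enc pair carried in the protected header of the sample token above.
EXPECTED = {"alg": "RSA-OAEP", "enc": "A128CBC-HS256"}


def b64url_decode(segment: str) -> bytes:
    """Decode one unpadded base64url segment of a compact JWE."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", segment):
        raise ValueError("segment is empty or not base64url")
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def check_identifier(identifier: str, rsa_key_bytes: int = 256) -> dict:
    """Return the protected header if identifier is a plausible JWE, else raise ValueError.

    rsa_key_bytes is an assumption (256 = RSA-2048); set it from the issued certificate.
    """
    if re.fullmatch(r"[\d -]{12,23}", identifier):
        raise ValueError("identifier looks like a clear PAN")
    parts = identifier.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have 5 dot-separated segments")
    header_raw, enc_key, iv, ciphertext, tag = (b64url_decode(p) for p in parts)
    header = json.loads(header_raw.decode("utf-8"))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    for name, value in EXPECTED.items():
        if header.get(name) != value:
            raise ValueError(f"unexpected {name}: {header.get(name)!r}")
    if len(enc_key) != rsa_key_bytes:
        raise ValueError("encrypted key length does not match the RSA modulus")
    if len(iv) != 16 or len(tag) != 16:
        raise ValueError("A128CBC-HS256 uses a 16-byte IV and a 16-byte tag")
    if not ciphertext or len(ciphertext) % 16:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return header


def check_card_accounts(payload: dict) -> list:
    """Validate every card_accounts[].identifier before the request is sent."""
    return [check_identifier(a["identifier"]) for a in payload["card_accounts"]]
```

This checks structure only; it cannot confirm that the token was encrypted to the certificate PayPal issued.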

Next

• Add card art if you want to use a separate API to add card art.
