Upload Your Encryption Key
Payment information can be retrieved from the Unified Checkout platform by invoking the Payment Credentials API. This API retrieves all of the data captured by Unified Checkout. This information is transmitted in an encrypted format to ensure the security of the payment information while in transit. You must generate an encryption key pair to retrieve this encrypted payment information, and the public encryption key must be uploaded to the Unified Checkout system.
Generate a Public-Private Key Pair
You must generate a public-private key pair to upload to the Unified Checkout system. The public key is uploaded to the Unified Checkout platform and is used to encrypt sensitive information in transit. The private key is used to decrypt the sensitive payment information on your server. Only the private key can properly decrypt the payment information.
IMPORTANT
You must secure your private decryption key. This key must never be exposed to any external systems or it will risk the integrity of the secure channel.
Unified Checkout accepts only keys that meet these requirements:
- Only RSA keys are supported. Elliptic curve keys are not supported.
- The minimum accepted RSA key size is 2048 bits.
- RSA keys must be in JWK format. More information on JWK format is available here:
- The key ID must be a valid UUID.
Uploading Your Key Pair
When you have generated your encryption key pairs, you can upload your key to the Unified Checkout platform. Keys can be loaded at any hierarchy that is enabled for them and are used for all child entities that do not have keys loaded. You can upload a key at parent and child levels, but child keys override parent keys.
Follow these steps to upload your key pair:
- Navigate to Payment Configuration > Unified Checkout. The Unified Checkout configuration page opens.
- Click Enabled. You can upload your key in the appropriate section.
- Upload the public encryption key in JWK format, and click Save.