You can allow your cardholders to access the details of their Adyen-issued card within your app or website. This page explains how to implement a feature to securely reveal card details in your user interface, such as:
- Card verification code (CVC)
- Expiration date
- Primary account number (PAN)
To reveal the card details in your user interface, you must first get the card details data from Adyen. To securely request the data, you use a base64-encoded RSA public key and an Advanced Encryption Standard (AES) key to generate an encrypted session key.
Use the session key to request the card details from Adyen. The response contains the encrypted card data assigned to the Adyen-issued card. You must decrypt the response, extract the data, and then reveal it to the cardholder in your interface.
The following sequence diagram illustrates the workflow.
As shown in the diagram, the steps for revealing the card details are:
- Get an RSA public key from Adyen.
- Generate an AES key.
- Generate an encrypted session key.
- Request card details from Adyen.
- Decrypt and reveal the card details in your user interface.
Requirements
Ensure that:
- You have API credentials for the Configuration API.
- Your API credential has the Bank Issuing PAN Reveal Webservice role.
Get a public key from Adyen
You need a base64-encoded RSA public key to generate an encrypted session key. You must use the Configuration API to get the public key from Adyen.
To get a public key:
- Make a GET /publicKey request with the query parameter purpose set to panReveal.
  The response contains:
  - The public key
  - The expiry date of the public key
- Pass the publicKey to your front end.
Generate an AES key
You need a 256-bit AES encryption key to generate an encrypted session key. You can generate this key by using a random bit generator.
Generate an encrypted session key
You need an encrypted symmetric session key to securely request the card details from Adyen. To generate the encrypted session key, encrypt the AES key you generated in the previous step.
For the encryption, use:
- The publicKey that you received from Adyen.
- The RSA encryption algorithm, version PKCS 1.
Request card details from Adyen
Request from Adyen the encrypted card details as follows:
- Make a POST /paymentInstruments/reveal request and specify the following parameters:

  | Parameter | Description |
  | --- | --- |
  | paymentInstrumentId | The unique identifier of the card for which you are revealing the details. |
  | encryptedKey | The encrypted symmetric session key. |

  The response contains the encryptedData.
- Pass the encryptedData to your client.
Decrypt and reveal card details
To reveal the card details you must:
- Decrypt the encryptedData using:
  - The AES key that you previously generated.
  - The AES algorithm in CBC mode with PKCS 5 padding.
- Render the extracted card details in your app or on your website.
The following code is an example of decrypted card details.
After decrypting the data, you can reveal it to the cardholder in your interface.
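
The cryptographic steps above (generate the AES key, wrap it with the RSA public key, decrypt the response), sketched with the built-in crypto module of Node.js. This is an added example, not Adyen's code: the encodings (base64 DER SubjectPublicKeyInfo for publicKey, base64 for encryptedKey, base64 IV-then-ciphertext for encryptedData) are assumptions, and simulateReveal and the locally generated RSA key pair are constructed stand-ins for Adyen's side.

```javascript
// Added example, not Adyen's code. Node.js built-in crypto only.
const crypto = require('node:crypto');

// Generate an AES key: 256 bits from the OS CSPRNG (never Math.random()).
const generateAesKey = () => crypto.randomBytes(32);

// Wrap the AES key with the RSA public key using PKCS #1 v1.5 padding.
// ASSUMPTION: publicKeyB64 is base64 of a DER SubjectPublicKeyInfo, and the
// encryptedKey field is sent base64-encoded.
function encryptSessionKey(publicKeyB64, aesKey) {
  const key = crypto.createPublicKey({
    key: Buffer.from(publicKeyB64, 'base64'), format: 'der', type: 'spki',
  });
  const padding = crypto.constants.RSA_PKCS1_PADDING;
  return crypto.publicEncrypt({ key, padding }, aesKey).toString('base64');
}

// AES-256-CBC decryption; Node strips the PKCS #5/#7 padding itself.
// ASSUMPTION: encryptedData is base64 of a 16-byte IV followed by ciphertext.
function decryptCardData(encryptedDataB64, aesKey) {
  const raw = Buffer.from(encryptedDataB64, 'base64');
  if (aesKey.length !== 32) throw new Error('AES key must be 256 bits');
  if (raw.length < 32 || raw.length % 16 !== 0) {
    throw new Error('encryptedData is not IV + whole AES blocks');
  }
  const d = crypto.createDecipheriv('aes-256-cbc', aesKey, raw.subarray(0, 16));
  try {
    return Buffer.concat([d.update(raw.subarray(16)), d.final()]).toString('utf8');
  } finally {
    aesKey.fill(0); // this example uses the key for one reveal, then wipes it
  }
}

// Constructed stand-in for the server side, so the flow runs offline.
function simulateReveal(aesKey, plaintext) {
  const iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-cbc', aesKey, iv);
  return Buffer.concat([iv, c.update(plaintext, 'utf8'), c.final()]).toString('base64');
}

function demo() {
  // Constructed key pair standing in for the key returned by GET /publicKey.
  const { publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const publicKeyB64 = publicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const aesKey = generateAesKey();
  const encryptedKey = encryptSessionKey(publicKeyB64, aesKey);
  const encryptedData = simulateReveal(aesKey, 'CONSTRUCTED-SAMPLE-CARD-DATA');
  return { encryptedKey, cardData: decryptCardData(encryptedData, aesKey) };
}
```

CBC mode carries no integrity check, so treat any decryption error as a failed reveal and render nothing from that response.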