{"title":"Change PIN using standard encryption methods","category":"default","creationDate":1776961628,"content":"<p>In addition to allowing cardholders to view their card PIN, you can allow them to change their PIN within your app or website. This page explains how to implement a feature to securely change PINs in your user interface.<\/p>\n<p>To securely request a PIN change, you must use a base64-encoded <a href=\"https:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">RSA<\/a> public key and an <a href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">Advanced Encryption Standard (AES)<\/a> key to generate an encrypted session key.<\/p>\n<p>Use the session key and a 16-digit token to generate an encrypted <a href=\"https:\/\/www.pcisecuritystandards.org\/glossary\/pin-block\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">PIN block<\/a>. This PIN block contains the new PIN that your cardholder wants to assign to their Adyen-issued card. You must send the PIN block to Adyen in a POST&nbsp; <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/pins\/change<\/a> request. Adyen then decrypts the PIN block and registers the new PIN.  <\/p>\n<p>The following sequence diagram illustrates the workflow.<\/p>\n<p><img alt=\"\" src=\"\/user\/pages\/docs\/07.issuing\/17.manage-card-data\/08.change-pin\/pin-change.svg?decoding=auto&amp;fetchpriority=auto\" \/><\/p>\n<p>As shown in the diagram, the steps for changing a PIN are:<\/p>\n<ol>\n<li><a href=\"#get-public-key\">Get a public key from Adyen<\/a>.<\/li>\n<li><a href=\"#generate-aes-key\">Generate an AES key<\/a>.<\/li>\n<li><a href=\"#encrypt-session-key\">Generate an encrypted session key<\/a>.<\/li>\n<li><a href=\"#generate-a-token\">Generate an encryption token<\/a>.<\/li>\n<li><a href=\"#generate-encrypted-pin-block\">Generate an encrypted PIN block<\/a>.<\/li>\n<li><a href=\"#request-pin-change\">Request a PIN change to Adyen<\/a>.<\/li>\n<\/ol>\n<h2>Requirements<\/h2>\n<p>Make sure that:<\/p>\n<ul>\n<li>You have <a href=\"\/pt\/issuing\/manage-access\/api-credentials-web-service\">API credentials<\/a> for the <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/overview\" class=\"codeLabel external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Configuration API<\/a>.<\/li>\n<li>Your API credential has the <strong>Bank Issuing PIN Change Webservice role<\/strong>.<\/li>\n<\/ul>\n<h2 id=\"get-public-key\">Get a public key from Adyen<\/h2>\n<p>You need a base64-encoded <a href=\"https:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">RSA<\/a> public key to <a href=\"#encrypt-aes-key\">generate an encrypted session key<\/a>. You must use the  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/overview\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Configuration API<\/a> to get the public key from Adyen.<\/p>\n<p>To get a public key:<\/p>\n<ol>\n<li>\n<p>Make a GET  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/get\/publicKey\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/publicKey<\/a> request with the query parameter  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/get\/publicKey#query-purpose\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">purpose<\/a> set to <strong>pinChange<\/strong>.<\/p>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Get a public key'\" :id=\"'get-public-key'\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;curl&quot;,&quot;content&quot;:&quot;curl https:\\\/\\\/balanceplatform-api-test.adyen.com\\\/bcl\\\/v2\\\/publicKey?purpose=pinChange \\\\\\n-H 'x-api-key: ADYEN_BALANCE_PLATFORM_API_KEY' \\\\\\n-H 'content-type: application\\\/json' \\\\\\n-X GET \\\\\\n-d ''&quot;},{&quot;language&quot;:&quot;java&quot;,&quot;tabTitle&quot;:&quot;Java&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Java API Library v33.0.0\\nimport com.adyen.Client;\\nimport com.adyen.enums.Environment;\\nimport com.adyen.model.balanceplatform.*;\\nimport java.time.OffsetDateTime;\\nimport java.util.*;\\nimport com.adyen.service.balancePlatform.*;\\n\\nClient client = new Client(\\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;, Environment.TEST);\\n\\\/\\\/ Send the request\\nManageCardPinApi service = new ManageCardPinApi(client);\\nPublicKeyResponse response = service.publicKey(\\&quot;String\\&quot;, \\&quot;String\\&quot;, null);&quot;},{&quot;language&quot;:&quot;php&quot;,&quot;tabTitle&quot;:&quot;PHP&quot;,&quot;content&quot;:&quot;&lt;?php\\n\\\/\\\/ Adyen PHP API Library v24.0.0\\nuse Adyen\\\\Client;\\nuse Adyen\\\\Environment;\\nuse Adyen\\\\Service\\\\BalancePlatform\\\\ManageCardPINApi;\\n\\n$client = new Client();\\n$client-&gt;setXApiKey(\\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;);\\n$client-&gt;setEnvironment(Environment::TEST);\\n\\n$requestOptions['queryParams'] = array('purpose' =&gt; 'string', 'format' =&gt; 'string');\\n\\n\\\/\\\/ Send the request\\n$service = new ManageCardPINApi($client);\\n$response = $service-&gt;publicKey($requestOptions);&quot;},{&quot;language&quot;:&quot;cs&quot;,&quot;tabTitle&quot;:&quot;C#&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen .net API Library v28.0.0\\nusing Adyen;\\nusing Environment = Adyen.Model.Environment;\\nusing Adyen.Model;\\nusing Adyen.Model.BalancePlatform;\\nusing Adyen.Service.BalancePlatform;\\n\\nvar config = new Config()\\n{\\n    XApiKey = \\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;,\\n    Environment = Environment.Test\\n};\\nvar client = new Client(config);\\n\\n\\\/\\\/ Send the request\\nvar service = new ManageCardPINService(client);\\nvar response = service.PublicKey(purpose: \\&quot;string\\&quot;, format: \\&quot;string\\&quot;);&quot;},{&quot;language&quot;:&quot;js&quot;,&quot;tabTitle&quot;:&quot;NodeJS (JavaScript)&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Node API Library v23.3.0\\nconst { Client, BalancePlatformAPI } = require('@adyen\\\/api-library');\\n\\nconst client = new Client({ apiKey: \\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;, environment: \\&quot;TEST\\&quot; });\\n\\n\\\/\\\/ Send the request\\nconst balancePlatformAPI = new BalancePlatformAPI(client);\\nconst response = balancePlatformAPI.ManageCardPINApi.publicKey(\\&quot;string\\&quot;, \\&quot;string\\&quot;);&quot;},{&quot;language&quot;:&quot;go&quot;,&quot;tabTitle&quot;:&quot;Go&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Go API Library v17.0.0\\nimport (\\n  \\&quot;context\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v17\\\/src\\\/common\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v17\\\/src\\\/adyen\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v17\\\/src\\\/balancePlatform\\&quot;\\n)\\nclient := adyen.NewClient(&amp;common.Config{\\n  ApiKey:      \\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;,\\n  Environment: common.TestEnv,\\n})\\n\\n\\\/\\\/ Send the request\\nservice := client.BalancePlatform()\\nreq := service.ManageCardPINApi.PublicKeyInput()\\nreq = req.Purpose(\\&quot;string\\&quot;).Format(\\&quot;string\\&quot;)\\nres, httpRes, err := service.ManageCardPINApi.PublicKey(context.Background(), req)&quot;},{&quot;language&quot;:&quot;py&quot;,&quot;tabTitle&quot;:&quot;Python&quot;,&quot;content&quot;:&quot;# Adyen Python API Library v13.3.0\\nimport Adyen\\n\\nadyen = Adyen.Adyen()\\nadyen.client.xapikey = \\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;\\nadyen.client.platform = \\&quot;test\\&quot; # The environment to use library in.\\n\\nquery_parameters = {\\n  \\&quot;purpose\\&quot; : \\&quot;string\\&quot;,\\n  \\&quot;format\\&quot; : \\&quot;string\\&quot;\\n}\\n\\n# Send the request\\nresult = adyen.balancePlatform.manage_card_pin_api.public_key(query_parameters=query_parameters)&quot;},{&quot;language&quot;:&quot;rb&quot;,&quot;tabTitle&quot;:&quot;Ruby&quot;,&quot;content&quot;:&quot;# Adyen Ruby API Library v10.1.1\\nrequire \\&quot;adyen-ruby-api-library\\&quot;\\n\\nadyen = Adyen::Client.new\\nadyen.api_key = 'ADYEN_BALANCE_PLATFORM_API_KEY'\\nadyen.env = :test # Set to \\&quot;live\\&quot; for live environment\\n\\n# Create the request object(s)\\nquery_params = {\\n  :purpose =&gt; 'string',\\n  :format =&gt; 'string'\\n}\\n\\n# Send the request\\nresult = adyen.balancePlatform.manage_card_pin_api.public_key(query_params: query_params)&quot;},{&quot;language&quot;:&quot;ts&quot;,&quot;tabTitle&quot;:&quot;NodeJS (TypeScript)&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Node API Library v23.3.0\\nimport { Client, BalancePlatformAPI, Types } from \\&quot;@adyen\\\/api-library\\&quot;;\\n\\nconst client = new Client({ apiKey: \\&quot;ADYEN_BALANCE_PLATFORM_API_KEY\\&quot;, environment: \\&quot;TEST\\&quot; });\\n\\n\\\/\\\/ Send the request\\nconst balancePlatformAPI = new BalancePlatformAPI(client);\\nconst response = balancePlatformAPI.ManageCardPINApi.publicKey(\\&quot;string\\&quot;, \\&quot;string\\&quot;);&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<p>The response contains:<\/p>\n<ul>\n<li>The public key<\/li>\n<li>The expiry date of the public key<\/li>\n<\/ul>\n<div data-component-wrapper=\"code-sample\">\n<code-sample :title=\"'Response'\" :id=\"''\" :code-data='[{\"language\":\"json\",\"tabTitle\":\"\",\"content\":\"{\\n    \\\"publicKey\\\": \\\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMII...\\\",\\n    \\\"publicKeyExpiryDate\\\": \\\"2023-12-12\\\"\\n}\"}]' :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<\/li>\n<li>\n<p>Pass the  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/get\/publicKey#responses-200-publicKey\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">publicKey<\/a> to your front end.<\/p>\n<\/li>\n<\/ol>\n<h2 id=\"generate-aes-key\">Generate an AES key<\/h2>\n<p>You need a 256-bit <a href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">AES<\/a> encryption key to <a href=\"#encrypt-aes-key\">generate an encrypted session key<\/a>. You can generate this key by using a random bit generator.<\/p>\n<h2 id=\"encrypt-session-key\">Generate an encrypted session key<\/h2>\n<p>You need an encrypted symmetric session key to securely <a href=\"#request-a-pin-change\">request the PIN change<\/a> to Adyen. To generate the encrypted session key, encrypt the <a href=\"#generate-aes-key\">AES key you generated<\/a> in the previous step.<\/p>\n<p>For the encryption, use:<\/p>\n<ul>\n<li>The  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/get\/publicKey#responses-200-publicKey\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">publicKey<\/a> that you <a href=\"#get-public-key\">received from Adyen<\/a>.<\/li>\n<li>The <a href=\"https:\/\/en.wikipedia.org\/wiki\/RSA_(cryptosystem)\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">RSA<\/a> encryption algorithm, version <a href=\"https:\/\/en.wikipedia.org\/wiki\/PKCS_1\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">PKCS 1<\/a>.<\/li>\n<\/ul>\n<h2 id=\"generate-a-token\">Generate an encryption token<\/h2>\n<p>You need a token as an intermediate step to <a href=\"#generate-encrypted-pin-block\">generate the encrypted PIN block<\/a>. To get a token, generate a 16-digit random number that does not contain zeros. <\/p>\n<p>Example token: <strong>8374188662676926<\/strong><\/p>\n<h2 id=\"generate-encrypted-pin-block\">Generate an encrypted PIN block<\/h2>\n<p>You must embed the PIN in an encrypted PIN block before sending it to Adyen. Encrypt the PIN block using the <a href=\"https:\/\/listings.pcisecuritystandards.org\/documents\/Implementing_ISO_Format_4_PIN_Blocks_Information_Supplement.pdf\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">ISO format 4 (ISO-4)<\/a> encryption method.<\/p>\n<p>To encrypt a PIN block using the ISO format 4 method:<\/p>\n<ol>\n<li>Format the <a href=\"#generate-a-token\">token that you previously generated<\/a>. To do this, create a hexadecimal string of 32 characters as follows:\n<ol>\n<li>\"4\" as the first character<\/li>\n<li>The token<\/li>\n<li>The character \"0\" repeated 15 times.<br \/>\nExample: <strong>4<\/strong> + <strong>8374188662676926<\/strong> + <strong>000000000000000<\/strong><\/li>\n<\/ol><\/li>\n<li>Convert the formatted token into a 16-byte array.<\/li>\n<li>Format the new PIN. To do this, create a hexadecimal string of 32 characters as follows:\n<ol>\n<li>The string \"44\"<\/li>\n<li>The new PIN<\/li>\n<li>10 times the character \"A\"<\/li>\n<li>16 random hexadecimal characters<br \/>\nExample: <strong>44<\/strong> + <strong>5454<\/strong> + <span translate=\"no\"><strong>AAAAAAAAAA<\/strong><\/span> + <span translate=\"no\"><strong>70cd3917e96891f8<\/strong><\/span><\/li>\n<\/ol><\/li>\n<li>Convert the formatted PIN into a 16-byte array.<\/li>\n<li>Encrypt the 16-byte PIN data using <a href=\"https:\/\/en.wikipedia.org\/wiki\/Advanced_Encryption_Standard\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">AES<\/a> in <a href=\"https:\/\/en.wikipedia.org\/wiki\/Block_cipher_mode_of_operation#Electronic_codebook_(ECB)\" target=\"_blank\" rel=\"nofollow noopener noreferrer\" class=\"external-link no-image\">ECB mode<\/a> with the <a href=\"#generate-aes-key\">key that you previously generated<\/a>.<\/li>\n<li>Combine the 16-byte token data and the encrypted PIN data into one 16-byte array by doing an XOR.<\/li>\n<li>Encrypt the combined array using AES in ECB mode with the <a href=\"#generate-aes-key\">key that you previously generated<\/a>.<\/li>\n<li>Convert this encrypted data into a hexadecimal string.<\/li>\n<\/ol>\n<p>The hexadecimal string is the encrypted PIN block that you must send to Adyen when you <a href=\"#request-pin-change\">request the PIN change<\/a>.<\/p>\n<h2 id=\"request-pin-change\">Request a PIN change to Adyen<\/h2>\n<p>To request a PIN change, make a POST&nbsp; <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">\/pins\/change<\/a> call and specify the following request parameters:<\/p>\n<table>\n<thead>\n<tr>\n<th>Parameter<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td> <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change#request-paymentInstrumentId\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">paymentInstrumentId<\/a><\/td>\n<td>The unique identifier of the card for which you are changing the PIN.<\/td>\n<\/tr>\n<tr>\n<td> <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change#request-encryptedKey\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">encryptedKey<\/a><\/td>\n<td>The symmetric session AES key.<\/td>\n<\/tr>\n<tr>\n<td> <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change#request-token\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">token<\/a><\/td>\n<td>The token that you used to generate the encrypted PIN block.<\/td>\n<\/tr>\n<tr>\n<td> <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change#request-encryptedPinBlock\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">encryptedPinBlock<\/a><\/td>\n<td>The <a href=\"#generate-encrypted-pin-block\">encrypted PIN block<\/a>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>The following code sample shows how to request a PIN change.<\/p>\n<div data-component-wrapper=\"code-sample\">\n    <code-sample :title=\"'Request a PIN change'\" :id=\"'request-pin-change'\" :code-data=\"[{&quot;language&quot;:&quot;bash&quot;,&quot;tabTitle&quot;:&quot;curl&quot;,&quot;content&quot;:&quot;curl https:\\\/\\\/balanceplatform-api-test.adyen.com\\\/bcl\\\/v2\\\/pins\\\/change \\\\\\n-H 'x-api-key: ADYEN_BALANCE_PLATFORM_API_KEY' \\\\\\n-H 'content-type: application\\\/json' \\\\\\n-X POST \\\\\\n-d '{\\n    \\&quot;paymentInstrumentId\\&quot;: \\&quot;PI0000000000000000000001\\&quot;,\\n    \\&quot;encryptedKey\\&quot;: \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n    \\&quot;encryptedPinBlock\\&quot;: \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n    \\&quot;token\\&quot; : \\&quot;8374188662676926\\&quot;\\n}'&quot;},{&quot;language&quot;:&quot;java&quot;,&quot;tabTitle&quot;:&quot;Java&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Java API Library v25.0.0\\nimport com.adyen.Client;\\nimport com.adyen.enums.Environment;\\nimport com.adyen.model.balancePlatform.*;\\nimport java.time.OffsetDateTime;\\nimport java.util.*;\\nimport com.adyen.service.balancePlatform.*;\\n\\nClient client = new Client(\\&quot;ADYEN_API_KEY\\&quot;, Environment.TEST);\\n\\n\\\/\\\/ Create the request object(s)\\nPinChangeRequest pinChangeRequest = new PinChangeRequest()\\n  .encryptedKey(\\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;)\\n  .paymentInstrumentId(\\&quot;PI6789678967896789\\&quot;)\\n  .encryptedPinBlock(\\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;)\\n  .token(\\&quot;5555341244441115\\&quot;);\\n\\n\\\/\\\/ Make the API call\\nManageCardPinApi service = new ManageCardPinApi(client);\\nPinChangeResponse response = service.changeCardPin(pinChangeRequest, null);&quot;},{&quot;language&quot;:&quot;php&quot;,&quot;tabTitle&quot;:&quot;PHP&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen PHP API Library v17.4.0\\nuse Adyen\\\\Client;\\nuse Adyen\\\\Environment;\\nuse Adyen\\\\Model\\\\BalancePlatform\\\\PinChangeRequest;\\nuse Adyen\\\\Service\\\\BalancePlatform\\\\ManageCardPINApi;\\n\\n$client = new Client();\\n$client-&gt;setXApiKey(\\&quot;ADYEN_API_KEY\\&quot;);\\n$client-&gt;setEnvironment(Environment::TEST);\\n\\n\\n\\\/\\\/ Create the request object(s)\\n$pinChangeRequest = new PinChangeRequest();\\n$pinChangeRequest\\n  -&gt;setEncryptedKey(\\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;)\\n  -&gt;setPaymentInstrumentId(\\&quot;PI6789678967896789\\&quot;)\\n  -&gt;setEncryptedPinBlock(\\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;)\\n  -&gt;setToken(\\&quot;5555341244441115\\&quot;);\\n\\n\\\/\\\/ Make the API call\\n$service = new ManageCardPINApi($client);\\n$response = $service-&gt;changeCardPin($pinChangeRequest);&quot;},{&quot;language&quot;:&quot;cs&quot;,&quot;tabTitle&quot;:&quot;C#&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen .net API Library v14.4.0\\nusing Adyen;\\nusing Environment = Adyen.Model.Environment;\\nusing Adyen.Model;\\nusing Adyen.Model.BalancePlatform;\\nusing Adyen.Service.BalancePlatform;\\n\\nvar config = new Config()\\n{\\n    XApiKey = \\&quot;ADYEN_API_KEY\\&quot;,\\n    Environment = Environment.Test\\n};\\nvar client = new Client(config);\\n\\n\\\/\\\/ Create the request object(s)\\nPinChangeRequest pinChangeRequest = new PinChangeRequest\\n{\\n  EncryptedKey = \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n  PaymentInstrumentId = \\&quot;PI6789678967896789\\&quot;,\\n  EncryptedPinBlock = \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n  Token = \\&quot;5555341244441115\\&quot;\\n};\\n\\n\\\/\\\/ Make the API call\\nvar service = new ManageCardPINService(client);\\nvar response = service.ChangeCardPin(pinChangeRequest);&quot;},{&quot;language&quot;:&quot;js&quot;,&quot;tabTitle&quot;:&quot;NodeJS (JavaScript)&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Node API Library v16.2.0\\n\\\/\\\/ Require the parts of the module you want to use\\nconst { Client, BalancePlatformAPI } = require('@adyen\\\/api-library');\\n\\\/\\\/ Initialize the client object\\nconst client = new Client({apiKey: \\&quot;ADYEN_API_KEY\\&quot;, environment: \\&quot;TEST\\&quot;});\\n\\n\\\/\\\/ Create the request object(s)\\nconst pinChangeRequest = {\\n  paymentInstrumentId: \\&quot;PI6789678967896789\\&quot;,\\n  encryptedKey: \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n  encryptedPinBlock: \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n  token: \\&quot;5555341244441115\\&quot;\\n}\\n\\n\\\/\\\/ Make the API call\\nconst balancePlatformAPI = new BalancePlatformAPI(client);\\nconst response = balancePlatformAPI.ManageCardPINApi.changeCardPin(pinChangeRequest);&quot;},{&quot;language&quot;:&quot;go&quot;,&quot;tabTitle&quot;:&quot;Go&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Go API Library v9.3.0\\nimport (\\n  \\&quot;context\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v9\\\/src\\\/common\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v9\\\/src\\\/adyen\\&quot;\\n  \\&quot;github.com\\\/adyen\\\/adyen-go-api-library\\\/v9\\\/src\\\/balancePlatform\\&quot;\\n)\\nclient := adyen.NewClient(&amp;common.Config{\\n  ApiKey:      \\&quot;ADYEN_API_KEY\\&quot;,\\n  Environment: common.TestEnv,\\n})\\n\\n\\\/\\\/ Create the request object(s)\\npinChangeRequest := balancePlatform.PinChangeRequest{\\n  EncryptedKey: \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n  PaymentInstrumentId: \\&quot;PI6789678967896789\\&quot;,\\n  EncryptedPinBlock: \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n  Token: \\&quot;5555341244441115\\&quot;,\\n}\\n\\n\\\/\\\/ Make the API call\\nservice := client.BalancePlatform()\\nreq := service.ManageCardPINApi.ChangeCardPinInput().PinChangeRequest(pinChangeRequest)\\nres, httpRes, err := service.ManageCardPINApi.ChangeCardPin(context.Background(), req)&quot;},{&quot;language&quot;:&quot;py&quot;,&quot;tabTitle&quot;:&quot;Python&quot;,&quot;content&quot;:&quot;# Adyen Python API Library v12.2.0\\nimport Adyen\\n\\nadyen = Adyen.Adyen()\\nadyen.client.xapikey = \\&quot;ADYEN_API_KEY\\&quot;\\nadyen.client.platform = \\&quot;test\\&quot; # The environment to use library in.\\n\\n# Create the request object(s)\\njson_request = {\\n  \\&quot;paymentInstrumentId\\&quot;: \\&quot;PI6789678967896789\\&quot;,\\n  \\&quot;encryptedKey\\&quot;: \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n  \\&quot;encryptedPinBlock\\&quot;: \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n  \\&quot;token\\&quot;: \\&quot;5555341244441115\\&quot;\\n}\\n\\n# Make the API call\\nresult = adyen.balancePlatform.manage_card_pin_api.change_card_pin(request=json_request)&quot;},{&quot;language&quot;:&quot;rb&quot;,&quot;tabTitle&quot;:&quot;Ruby&quot;,&quot;content&quot;:&quot;# Adyen Ruby API Library v9.3.0\\nrequire \\&quot;adyen-ruby-api-library\\&quot;\\n\\nadyen = Adyen::Client.new\\nadyen.api_key = 'ADYEN_API_KEY'\\nadyen.env = :test # Set to \\&quot;live\\&quot; for live environment\\n\\n# Create the request object(s)\\nrequest_body = {\\n  :paymentInstrumentId =&gt; 'PI6789678967896789',\\n  :encryptedKey =&gt; '75989E8881284D10153ABACF022EEA09F5...',\\n  :encryptedPinBlock =&gt; '63E5060591EF65F48DD1D4FECD0FECD5',\\n  :token =&gt; '5555341244441115'\\n}\\n\\n# Make the API call\\nresult = adyen.balancePlatform.manage_card_pin_api.change_card_pin(request_body)&quot;},{&quot;language&quot;:&quot;ts&quot;,&quot;tabTitle&quot;:&quot;NodeJS (TypeScript)&quot;,&quot;content&quot;:&quot;\\\/\\\/ Adyen Node API Library v16.2.0\\n\\\/\\\/ Require the parts of the module you want to use\\nimport { Client, BalancePlatformAPI, Types } from \\&quot;@adyen\\\/api-library\\&quot;;\\n\\\/\\\/ Initialize the client object\\nconst client = new Client({apiKey: \\&quot;ADYEN_API_KEY\\&quot;, environment: \\&quot;TEST\\&quot;});\\n\\n\\\/\\\/ Create the request object(s)\\nconst pinChangeRequest: Types.balancePlatform.PinChangeRequest = {\\n  encryptedKey: \\&quot;75989E8881284D10153ABACF022EEA09F5...\\&quot;,\\n  paymentInstrumentId: \\&quot;PI6789678967896789\\&quot;,\\n  encryptedPinBlock: \\&quot;63E5060591EF65F48DD1D4FECD0FECD5\\&quot;,\\n  token: \\&quot;5555341244441115\\&quot;\\n};\\n\\n\\\/\\\/ Make the API call\\nconst balancePlatformAPI = new BalancePlatformAPI(client);\\nconst response = balancePlatformAPI.ManageCardPINApi.changeCardPin(pinChangeRequest);&quot;}]\" :enable-copy-link-to-code-block=\"true\" :code-sample-card-size=\"'fullsize'\"><\/code-sample>\n<\/div>\n<p>The response contains the  <a href=\"https:\/\/docs.adyen.com\/api-explorer\/balanceplatform\/latest\/post\/pins\/change#responses-200-status\" class=\"codeLabel  external-link no-image\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">status<\/a> of the request. Possible values: <strong>completed<\/strong>, <strong>pending<\/strong>, <strong>unavailable<\/strong>.<\/p>","url":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data\/change-pin","articleFields":{"description":"Learn how to allow your cardholders change their personal identification number (PIN).","parameters":{"directoryPath":"\/issuing"}},"algolia":{"url":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data\/change-pin","title":"Change PIN using standard encryption methods","content":"In addition to allowing cardholders to view their card PIN, you can allow them to change their PIN within your app or website. This page explains how to implement a feature to securely change PINs in your user interface.\nTo securely request a PIN change, you must use a base64-encoded RSA public key and an Advanced Encryption Standard (AES) key to generate an encrypted session key.\nUse the session key and a 16-digit token to generate an encrypted PIN block. This PIN block contains the new PIN that your cardholder wants to assign to their Adyen-issued card. You must send the PIN block to Adyen in a POST&nbsp; \/pins\/change request. Adyen then decrypts the PIN block and registers the new PIN.  \nThe following sequence diagram illustrates the workflow.\n\nAs shown in the diagram, the steps for changing a PIN are:\n\nGet a public key from Adyen.\nGenerate an AES key.\nGenerate an encrypted session key.\nGenerate an encryption token.\nGenerate an encrypted PIN block.\nRequest a PIN change to Adyen.\n\nRequirements\nMake sure that:\n\nYou have API credentials for the Configuration API.\nYour API credential has the Bank Issuing PIN Change Webservice role.\n\nGet a public key from Adyen\nYou need a base64-encoded RSA public key to generate an encrypted session key. You must use the  Configuration API to get the public key from Adyen.\nTo get a public key:\n\n\nMake a GET  \/publicKey request with the query parameter  purpose set to pinChange.\n\n\n\nThe response contains:\n\nThe public key\nThe expiry date of the public key\n\n\n\n\n\n\nPass the  publicKey to your front end.\n\n\nGenerate an AES key\nYou need a 256-bit AES encryption key to generate an encrypted session key. You can generate this key by using a random bit generator.\nGenerate an encrypted session key\nYou need an encrypted symmetric session key to securely request the PIN change to Adyen. To generate the encrypted session key, encrypt the AES key you generated in the previous step.\nFor the encryption, use:\n\nThe  publicKey that you received from Adyen.\nThe RSA encryption algorithm, version PKCS 1.\n\nGenerate an encryption token\nYou need a token as an intermediate step to generate the encrypted PIN block. To get a token, generate a 16-digit random number that does not contain zeros. \nExample token: 8374188662676926\nGenerate an encrypted PIN block\nYou must embed the PIN in an encrypted PIN block before sending it to Adyen. Encrypt the PIN block using the ISO format 4 (ISO-4) encryption method.\nTo encrypt a PIN block using the ISO format 4 method:\n\nFormat the token that you previously generated. To do this, create a hexadecimal string of 32 characters as follows:\n\n\"4\" as the first character\nThe token\nThe character \"0\" repeated 15 times.\nExample: 4 + 8374188662676926 + 000000000000000\n\nConvert the formatted token into a 16-byte array.\nFormat the new PIN. To do this, create a hexadecimal string of 32 characters as follows:\n\nThe string \"44\"\nThe new PIN\n10 times the character \"A\"\n16 random hexadecimal characters\nExample: 44 + 5454 + AAAAAAAAAA + 70cd3917e96891f8\n\nConvert the formatted PIN into a 16-byte array.\nEncrypt the 16-byte PIN data using AES in ECB mode with the key that you previously generated.\nCombine the 16-byte token data and the encrypted PIN data into one 16-byte array by doing an XOR.\nEncrypt the combined array using AES in ECB mode with the key that you previously generated.\nConvert this encrypted data into a hexadecimal string.\n\nThe hexadecimal string is the encrypted PIN block that you must send to Adyen when you request the PIN change.\nRequest a PIN change to Adyen\nTo request a PIN change, make a POST&nbsp; \/pins\/change call and specify the following request parameters:\n\n\n\nParameter\nDescription\n\n\n\n\n paymentInstrumentId\nThe unique identifier of the card for which you are changing the PIN.\n\n\n encryptedKey\nThe symmetric session AES key.\n\n\n token\nThe token that you used to generate the encrypted PIN block.\n\n\n encryptedPinBlock\nThe encrypted PIN block.\n\n\n\nThe following code sample shows how to request a PIN change.\n\n    \n\nThe response contains the  status of the request. Possible values: completed, pending, unavailable.","type":"page","locale":"pt","boost":17,"hierarchy":{"lvl0":"Home","lvl1":"Adyen Issuing","lvl2":"Manage card data","lvl3":"Change PIN using standard encryption methods"},"hierarchy_url":{"lvl0":"https:\/\/docs.adyen.com\/pt","lvl1":"https:\/\/docs.adyen.com\/pt\/issuing","lvl2":"https:\/\/docs.adyen.com\/pt\/issuing\/manage-card-data","lvl3":"\/pt\/issuing\/manage-card-data\/change-pin"},"levels":4,"category":"Issuing","category_color":"green","tags":["Change","using","standard","encryption","methods"]},"articleFiles":{"pin-change.svg":"<img alt=\"\" src=\"https:\/\/docs.adyen.com\/user\/pages\/docs\/07.issuing\/17.manage-card-data\/08.change-pin\/pin-change.svg?decoding=auto&amp;fetchpriority=auto\" \/>","request-pin-change.js":"<p alt=\"\">request-pin-change.js<\/p>"}}