No momento, esta página não está disponível em português

Reveal card details using standard encryption methods

Allow your cardholders to see their card verification code (CVC), primary account number (PAN) and expiration date.

You can allow your cardholders to access the details of their Adyen-issued card within your app or website. This page explains how to implement a feature to securely reveal card details in your user interface, such as:

Card verification code (CVC)
Expiration date
Primary account number (PAN)

To reveal the card details in your user interface, you must first get the card details data from Adyen. To securely request the data, you use a base64-encoded RSA public key and an Advanced Encryption Standard (AES) key to generate an encrypted session key.

Use the session key to request Adyen to reveal the card details. This response contains the encrypted card data assigned to the Adyen-issued card. You must extract the data from the decrypted response and then reveal them to the cardholder in your interface.

The following sequence diagram illustrates the workflow.

As shown in the diagram, the steps for revealing the card details are:

Get an RSA public key from Adyen.
Generate an AES key.
Generate an encrypted session key.
Request card details from Adyen.
Decrypt and reveal the card details in your user interface.

Before you begin

Ensure that:

You have API credentials for the Configuration API.
Your API credential has the Bank Issuing PAN Reveal Webservice role.

Get a public key from Adyen

You need a base64-encoded RSA public key to generate an encrypted session key. You must use the Configuration API to get the public key from Adyen.

To get a public key:

Make a GET /publicKey request with the query parameter purpose set to panReveal.

The response contains:
- The public key
- The expiry date of the public key
Pass the publicKey to your front end.

Generate an AES key

You need a 256-bit AES encryption key to generate an encrypted session key. You can generate this key by using a random bit generator.

Generate an encrypted session key

You need an encrypted symmetric session key to securely request the card details from Adyen. To generate the encrypted session key, encrypt the AES key you generated key you generated in the previous step.

For the encryption, use:

The publicKey that you received from Adyen.
The RSA encryption algorithm, version PKCS 1.

Request card details from Adyen

Request from Adyen the encrypted card details as follows:

Make a POST /paymentInstruments/reveal request and specify the following parameters:

Parameter Description

paymentInstrumentId The unique identifier of the card for which you are revealing the details.

encryptedKey The encrypted symmetric session key.

The response contains the encryptedData.
Pass the encryptedData to your client.

Decrypt and reveal card details

To reveal the card details you must:

Decrypt the encryptedData using:
- The AES key that you previously generated.
- The AES algorithm in CBC mode with PKCS 5 padding.
Render the extracted card details in your app or on your website.

The following code is an example of decrypted card details.

After decrypting the data, you can reveal it to the cardholder in your interface.