Client-Side Encryption Library
Prerequisite
Get an access_token and use it as 'Bearer' token in your request. Find more details here.
How does it work?
Some payment methods of the CM.com Online Payments API require specific data to be encrypted. This is used for example when you build an integration for Credit Card and Bancontact API endpoints. Card data must be encrypted in the browser of the customer. This encrypted data should then be sent to the CM.com Online Payments API.
Why do you need it?
Card holder data is very sensitive information. To ensure plain card details are not send through your system, that data must be encrypted in the browser of your consumer.
Getting Client-Side Encryption libraries
The CM.com Online Payments API allows Merchants (You) to get the client-side-encryption libraries required to encrypt the card details entered in the page that Merchants present to Consumers. The diagram below presents the interaction that takes place between Merchant (You) and CM.com Online Payments API when requesting client-side-encrypytion libraries:
Request
GET https://api.pay.cm.com/api/v1/paymentmethods/library/cse
Response
{
"bancontact": {
"cseUrl": "https://api.pay.cm.com/libraries/ps/cse/80117cdb-be80-425f-954d-9696102efa60",
"upstream": "ps"
},
"creditcard": {
"cseUrl": "https://api.pay.cm.com/libraries/ps/cse/80117cdb-be80-425f-954d-9696102efa60",
"upstream": "ps"
}
}
Optional parameters
| Parameter | Type | Description | Constraints |
|---|---|---|---|
| bancontact.cseUrl | String | It contains the Client-Side-Encryption library URL that you can use on your HTML. (e.g. Using the Client-Side Encryption library to encrypt card details ) | Only if Bancontact is enabled for you. |
| bancontact.upstream | String | Indicates the upstream used by CM.com Online Payments API to generate the Client-Side-Encryption library URL. | Only if Bancontact is enabled for you. |
| creditcard.cseUrl | String | It contains the Client-Side-Encryption library URL that you can use on your HTML. (e.g. Using the Client-Side Encryption library to encrypt card details ) | Only if Credit Card is enabled for you. |
| creditcard.upstream | String | Indicates the upstream used by CM.com Online Payments API to generate the Client-Side-Encryption library URL. | Only if Credit Card is enabled for you. |
Response codes
| HTTP status | Description |
|---|---|
| 200 | Client-Side Encryption libraries successfully retrieved. |
| 4XX | Client error response (See message for details). This response is given when the User input was incorrect or something illegal was attempted (eg. using a service without having that service configured for the user, or not being authorized). |
| 5XX | Server error response (See message for details). |
Using the Client-Side Encryption library to encrypt card details
This is an example of how you can use the Client-Side Encryption library to encrypt the card details on your own page:
<script src="http://api.pay.cm.com/libraries/ps/cse/80117cdb-be80-425f-954d-9696102efa60"></script>
<script>
function updateMessage() {
const cardHolderName = document.getElementById("card-holder-name").value;
const cardNumber = document.getElementById("credit-card-number").value;
const expiryMonth = document.getElementById("credit-card-expiry-date-month").value;
const expiryYear = document.getElementById("credit-card-expiry-date-year").value;
const securityCode = document.getElementById("credit-card-security-code").value;
let encryptedCardDetails = cseEncrypt(cardHolderName, cardNumber, expiryMonth, expiryYear, securityCode);
console.log(encryptedCardDetails);
}
</script>
Updated about 2 months ago