JSON API & Client Side Encryption

What is the PayTrace JSON API & Client Side Encryption?

The PayTrace JSON API offers the fastest and most secure method to integrate with our platform, utilizing standard technology and providing more robust integration options than our traditional API integration methods. In addition, client side encryption can allow you to encrypt sensitive data at the browser level before passing it along to the server. This will allow your application to still accept sensitive data without needing to pass it through your server environment, mitigating the scope of PCI you are exposed to.

How Does Client Side Encryption Work?

Client side encryption will allow you to encrypt sensitive customer information for safe communication to the PayTrace Gateway. Typically this data will be coming from a web form, or a proprietary application. Your servers will use a public key to encrypt the data, while only PayTrace can decrypt this data with our private key. PayTrace will provide a library to use when implementing client side encryption. This library will allow your server to send the encrypted data to the PayTrace Payment Gateway. Once PayTrace receives the encrypted data, it is then decrypted and the request is executed.

Why Encrypt Data, and What Data Should be Encrypted?

Encrypting data helps the mitigate risk of unauthorized access to your data, whether it be data at rest or in motion. Encryption prevents data visibility in the event of its unauthorized access or theft by outside parties. When processing transactions or requests to PayTrace, you are putting data in motion. You can encrypt the sensitive data in motion using PayTrace’s Client Side Encryption to safeguard against unauthorized access. If the data in motion is somehow compromised, the encrypted data will be useless in its unencrypted format. Only PayTrace has the private key to decrypt the data. The below fields are commonly encrypted to help protect their integrity.

  • Credit Card Number
  • Expiration Date
  • CVV - The 3 Digit Security Code
  • Checking Account Number
  • Routing Number