Upload Your Encryption Key
Payment information can be retrieved from the
Unified Checkout
platform by
invoking the Payment Credentials API. This API retrieves all of the data captured by
Unified Checkout
. This information is transmitted in an encrypted
format to ensure the security of the payment information while in transit. You must generate an encryption key pair to retrieve this encrypted payment information,
and the public encryption key must uploaded to the
Unified Checkout
system.Generate a Public Private Key Pair
You must generate a public-private key pair to upload to the
Unified Checkout
system. The public key is uploaded to the Unified Checkout
platform and
is used to encrypt sensitive information in transit. The private key is used to decrypt
the sensitive payment information on your server. Only the private key can properly
decrypt the payment information.IMPORTANT
You must secure your private decryption key. This key must never be
exposed to any external systems or it will risk the integrity of the secure
channel.
Unified Checkout
accepts only keys that meet these requirements:- Only RSA keys are supported. Elliptical curves are not supported.
- The minimum accepted RSA key size is 2048 bits.
- RSA keys must be in JWK format. More information on JWK format is available here:
- The key ID must be a valid UUID.
Uploading Your Key Pair
When you have generated your encryption key pairs, you can upload your key to the
Unified Checkout
platform. Keys can be loaded at any hierarchy that is enabled
for them and are used for all child entities that do not have keys loaded. You can
upload a key at parent and child levels, but child keys override parent keys.Follow
these steps to upload your key pair:
- Navigate toPayment Configuration > Unified Checkout. TheUnified Checkoutconfiguration page opens.
- ClickEnabled. You can upload your key in the appropriate section.
- Upload the public encryption key in JWK format, and clickSave.