Field Level Encryption universal/core/card API

Syed_Talha

I am using the API Key and sharedSecret key for the field-level Encryption for the API core/cards enrollment API.

Using the below function I validate the payload by encrypting and then decrypting the payload.

public static string CreateJwe(string payload, string apiKey, string sharedSecret,
JweAlgorithm jweAlgorithm = JweAlgorithm.A256GCMKW,
JweEncryption jweEncryption = JweEncryption.A256GCM,
IDictionary<string, object> extraHeaders = null)
{
var secretKey = GetHash(SHA256.Create(), sharedSecret);

IDictionary<string, object> jweHeaders = new Dictionary<string, object>();
jweHeaders.Add("kid", apiKey);

if (extraHeaders != null && extraHeaders.Count > 0)
{
foreach (KeyValuePair<string, object> author in extraHeaders)
{
//Console.WriteLine("Key: {0}, Value: {1}",
//author.Key, author.Value);
jweHeaders.Add(author);
}

/*foreach (var (key, value) in extraHeaders) {
jweHeaders.Add(key, value);
}*/
}
return JWT.Encode(payload, secretKey, jweAlgorithm, jweEncryption, null, jweHeaders);
}

public static string DecryptJwe(string jweStr, string sharedSecret)
{
var secretKey = GetHash(SHA256.Create(), sharedSecret);

return JWT.Decode(jweStr, secretKey);
}

As per the sample code of visa c# of JWE use the apikey and sharedSecret key. When the encCard data is sent to the API getting the below-error.

{"errorResponse": {
"status": 400,
"reason": "invalidParameterEncCard",
"message": "Invalid input parameter(s)",
"details": [ {
"location": "encCard",
"message": "Unable to parse or decrypt"
}]
}}

The API key , sharedSecret key and test data is getting from the visa developer account

Need help in this regard

cathy2981

Hi, @Syed_Talha Thank you for reaching out. An agent is looking for a solution for you and will get back to you as soon as possible. Until then, if any community members know a solution, please share it here. -Cathy

API_Products

Hi Chen,

As a first step, you need to enroll the card using the Universal Card enrollment API for getting the vCardId. You should be encrypting the card object using JWE Asymmetric encryption. Please refer to the attached Encryption Certificate and KID for encrypting the card object. Card Object details can be retrieved from the API Reference page.

Please find below the test data, along with the certificate that is attached to this post.

*************************************************************************************

Encryption Key

VisaPublicKey_ForEncryption_Sbx_Cert.pem	Visa Public Key used in JWE Asymmetric Encryption.
Q2AY3V5E3ICNBUU66D8K11hBmzqdXSvTiNzZ-YnpozWRXTo50	KID – To be used in JWE Header

Test Data – VDP Sandbox (sandbox.api.visa.com)

Google Pay

PAN

X51X23XX20053999 – Replace X with 4

X51X231XX7208143

deviceID

uztEQocBRFrbK5hCgcDbxqw_

Apple Pay

PAN	45X42344X3926268 – Replace X with 1 45X4236833852412
deviceCert	MIID/TCCA6OgAwIBAgIIMq/qUa9Z2nMwCgYIKoZIzj0EAwIwgYAxNDAyBgNVBAMMK0FwcGxlIFdvcmxkd2lkZSBEZXZlbG9wZXIgUmVsYXRpb25zIENBIC0gRzIxJjAkBgNVBAsMHUFwcGxlIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRMwEQYDVQQKDApBcHBsZSBJbmMuMQswCQYDVQQGEwJVUzAeFw0xODA2MDEyMjAzMTBaFw0yMDA2MzAyMjAzMTBaMGwxNTAzBgNVBAMMLGVjYy1jcnlwdG8tc2VydmljZXMtZW5jaXBoZXJtZW50X1VDNi1TQU5EQk9YMREwDwYDVQQLDAhBcHBsZVBheTETMBEGA1UECgwKQXBwbGUgSW5jLjELMAkGA1UEBhMCVVMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGiJjmEMmvOZBGj+tdj2ED7xnc9y1C0vNVaqZva7lvKkbgrfcWdo0/NdIJZ5wDcZ0eBtPuRJ+q/eSP9FLXQ19wo4ICGDCCAhQwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBSEtoTMOoZichZZlOgao71I3zrfCzBHBggrBgEFBQcBAQQ7MDkwNwYIKwYBBQUHMAGGK2h0dHA6Ly9vY3NwLmFwcGxlLmNvbS9vY3NwMDMtYXBwbGV3d2RyY2EyMDUwggEdBgNVHSAEggEUMIIBEDCCAQwGCSqGSIb3Y2QFATCB/jCBwwYIKwYBBQUHAgIwgbYMgbNSZWxpYW5jZSBvbiB0aGlzIGNlcnRpZmljYXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJsZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRlIHBvbGljeSBhbmQgY2VydGlmaWNhdGlvbiBwcmFjdGljZSBzdGF0ZW1lbnRzLjA2BggrBgEFBQcCARYqaHR0cDovL3d3dy5hcHBsZS5jb20vY2VydGlmaWNhdGVhdXRob3JpdHkvMDYGA1UdHwQvMC0wK6ApoCeGJWh0dHA6Ly9jcmwuYXBwbGUuY29tL2FwcGxld3dkcmNhMi5jcmwwHQYDVR0OBBYEFMNruSHk5gH1LauD+wBI/9sgl/VpMA4GA1UdDwEB/wQEAwIDKDASBgkqhkiG92NkBicBAf8EAgUAMAoGCCqGSM49BAMCA0gAMEUCIQDhL+sL9bcrvAVO3UvswA805EHujfL7iVDrbEuJfOSJoAIgBPKehtuILl9x/SJ5kxReiml1zkJqUB8nTy0UOfUNIIQ=
nonceSignature	QHuLYArUCO2OZevP0rHc99g9RJp4O1dgsZuVpUdlA7zPWqCDhVQo9Mxr1uPS6GVyjZYo3YElIhHRV4Mv3wEJ3hGOaxK1gResup88QWDK1fL0
nonce	kauVuA==

Sample Card Object

Card Object

{

"accountNumber": "451X234413926268",

"nameOnCard": "Google",

"expirationDate": {

"month": "12",

"year": "2022"

},

"cvv2": "533",

"billingAddress": {

"name": "shankar",

"line1": "12301 Research Boulevard",

"line2": "Research Boulevard",

"line3": "Visa USA",

"city": "Austin",

"state": "TX",

"countryCode": "US",

"postalCode": "78759"

}

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

sed

Hello,

Thanks to this I was able to encrypt the data needed for Create Customer Endpoint.

But where can I get the key to be used for decryption?

When I retrieve the created customer, some of the fields are encrypted. When I use the same key I used for encryption, the decryption fails. Also, I tried all pem keys listed under the "Credentials" page in the dashboard, but I can't seem to find the correct key to be used for FLE.

Thanks!

API_Products

Hi @sed,

I'm happy to help investigate the error. Please share with us the details to your error below.

1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hi @sed,

I've logged incident INC16660455 for our engineering team to investigate the error. Please provide us with the x-correlation-id asked below in my prior post to you. Thank you.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

sed

=====================================

SUMMARY

=====================================

I implemented FLE and was successful to create and retrieve a customer (sandbox).

I used the "VisaPublicKey_ForEncryption_Sbx_Cert.pem" file to encrypt the fields. I obtained this file from "Dashboard -> Assets -> Visa In-App Provisioning -> Document -> Visa Public Key for Encryption."

However, Im unable to find any private key that I can use to decrypt the response from the GET customer request. I tried using the same key, including all PEM files from the "Credential tab", but I couldn't make it work.

Could you provide me with the file to decrypt the FLE response, Or perhaps a link to download the file. Your assistance is greatly appreciated.

Note that I'm able to create/get customer, but I'm unable to decrypt the "enc" fields.

API Details below

=====================================

CREATE CUSTOMER:

=====================================

-------------------------------------

Request:

-------------------------------------

endpoint = 'https://sandbox.api.visa.com/universal/core/customers'

method = 'post'

payload = {

'lastName': 'Narayanan',

'firstName': 'Shankara Child',

'locale': 'en_US',

'encAddress': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoiMzdmZDZjMzItM2NhNS00MDhiLTkxM2ItYTNhM2UyMjFhMDA4IiwidHlwIjoiSk9TRSJ9.CwC50T8m5J-qTdUwnVbnew-HRQnuuTGLAVCByjPNlxxl2Ss5SnUzCrx7kMWwfy-bbXn4Lmxqa6lp7kLgQUKSCH0zINRtc5GKL5r1yTXWyC4lTzCkJmwGfq6A2PhXsMROlimOgWv7RDTOgDmrPekUjk6eaWKfMay8kIDAUJIJKL1yn0JIz5d-RD4nceIh9P_NREDV4WrcNLVMZWNb_rOEcA7H62pS51GbOoWbqaUjyDkYvPAcl9FETkS-uS8Vy9mlRf9O5RIs0TzB8QygxI7ySPIgTfbMc-sVHBf2rDK8zToGtC0tCNltw3DsPLoukmFRNfLsYdMo03XgFdi0epcJxQ.hfYehGYaQvgGUoau.A9MUaKi71XoQ_o5tAqE3lHz8P1wIxf3tqGUX-ckWlqFms7oDY2A5jGCwmzd--Bp9nfE3STG1yb63KnHWQBp4hz9N89o6hwx0rEpat0HjGARVIlFMTlooRpP4_K7SsAgDAMxnHx6KLwLVnu4JeMGVbkq_UnWuaAUd0gsWB68sf_wxa5oFvD50lUatmAEyUazHNrfgRGIlVf7rfQ6AoZN4m-frFB6LFoyGcG2a5uiAV5BvEXZKVnEx1DNvVb-DrqKNjnA.WKuFexhT_FwVun6QsZBtDA',

'encEmailAddress': 'eyJhbGciOiJSU0EtT0FFUC0yNTYiLCJlbmMiOiJBMTI4R0NNIiwia2lkIjoiMzdmZDZjMzItM2NhNS00MDhiLTkxM2ItYTNhM2UyMjFhMDA4IiwidHlwIjoiSk9TRSJ9.DrNT0VZq6Xgr8Lg5WlZO1fCPLf1W2B1EFFzhKf0zjq5yDK8E1JTO1m0Pmdkci2_bg8ubxgqfqXfPT2aAY0Eucf6BNCRFpXNzHxv7QBkr-0J0voiY-TOy5t8oRst0XdPgaw_-dHMmxbyxUdXLotz4xP77ggyEjlZimLr5_IjE90xjmcs4GUJzMOva3HZ_D8ZSA5D6uaKF3BTI9pBUNsw1wI-r3G2F1K2XFm39IDS4MPSpjMoyVggQHAKVpQeDfujEktSG8Vbncg5dgOSfKRZbQRbwsz7GyKLlD2vdAguP22ur0ho1m3bTt8scbN08tNMTqHiv7PJUGLbD9nwNsUjQNQ.HvrdI7fMRRg0ZXd2.yaWWWFezR60GidiF6q7bvuKprQKkyU6C.K2zNIOrwt9JroTgIjJkLKw'

}

headers = {'Accept': 'application/json'}

auth = ('<visa user id from developer console>', '<visa password from developer console>')

cert = ('cert.pem', <cert key from developer console>)

-------------------------------------

Response

-------------------------------------

status_code = 201

header = {

'Server': 'nginx',

'Date': 'Fri, 25 Aug 2023 22:25:48 GMT',

'Content-Type': 'application/json;charset=UTF-8',

'Content-Length': '1459',

'Connection': 'keep-alive',

'X-SERVED-BY': '-8675d7f8',

'X-CORRELATION-ID': '1693002347_762_1762590200_-8675d7f8_VDP_WS',

'X-APP-STATUS': '201',

'Cache-Control': 'no-cache, no-store, must-revalidate',

'X-Frame-Options': 'SAMEORIGIN',

'X-XSS-Protection': '0, 1; mode=block',

'X-Content-Type-Options': 'nosniff, nosniff',

'Strict-Transport-Security': 'max-age=31536000;includeSubdomains, max-age=31536000;includeSubdomains;always',

'Pragma': 'no-cache',

'Expires': '-1',

'Content-Security-Policy-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;",

'X-Content-Security-Policy-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;",

'X-WebKit-CSP-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;"

}

response = {

'firstName': 'Shankara Child',

'lastName': 'Narayanan',

'locale': 'en_US',

'createdDateTime': 1693002348225,

'updatedDateTime': 1693002348225,

'vCustomerID': '610c24ce-fb48-4a36-a6f5-cf825b1c9268',

'status': 'ACTIVE',

'encEmailAddress': 'eyJraWQiOiJiNTFkZmEyMyIsImVuYyI6IkEyNTZHQ00iLCJhbGciOiJSU0EtT0FFUC0yNTYifQ.Ql59MGelCjS_1x0tVR-Jn3fCNVpOotX4zxbcLoGqhZyTNMnyPZnlmR8i17ksr_XqFqPDQVip2cCvp0lvbFqZ2pGq2Wiwmbk8ry3o05EWhnckPFkxvkNxCVVRRBPrjOcN__dESUbGt2XeID47Apjo7aaOHMGK-VNVIgpPRUx8lCZOe1SNAUtBvhve16ZxHeREl5GOVUj8H92NFj770_uWrYpycnJk4yEpWfgA9wioblsCzcX1xMt2CGy75sRdMqN1YvdZfaGuywbHhq-VnkfMMBKTRFTz0Gvm2WqJNTFbI014-H38Xqmjs6bsbzrhYMjTDu_fVrKIEe2t0m97Z2pdaw.KbZfPwt08sRRghOy.KSVu0ETKtfyz3cUfoM8jsfqBwp4AdikhFiw.F6Je9X81nAH6BoLPOdJxog',

'encAddress': 'eyJraWQiOiJiNTFkZmEyMyIsImVuYyI6IkEyNTZHQ00iLCJhbGciOiJSU0EtT0FFUC0yNTYifQ.c0tyxceCQEV3hMeBS6Wl2JfrHeqI8F1LSY-_FHOiRh_Aawc5_Y7qIxOiKVaWc_i6jZ9ngesZ7SOfvl-cDNYMkuIlHHcQTVnpQo7NU_Hv9AdzoAhkLJVWqO7bwa1p93GrjPF9jVqbN3QtB7lt_emywMq4v183MNe-T7b8b_PvEemHVZM-RZPxA95sVfHYPwY9Tw2O-nFAiFHotQcBzQpdN4-1k8_s6_UQevtHty_FaXMScfOihM5OVhT0dclT95T7dk81GvDA5hmzYnMq933-x08j2d7rYa9lDAMGjhK6c-PwK1nxMhQY_uIGeqo7b3PPVoum9fA6OcV1rlMjKBwtQA.XrFWb0RR2L4WiR_K.GyeAVkKeKDpkfpmduGGc1FJCV6yP7zaQ6HolLFOm5OeHyFw5SwydSs0hXp5qBz6bCFPqvOxEGpuAqaN6Zdxv0AxmihEFTL1X5JsZOXbMNXQwwTQBIzVEsUzuwQ7kaE457xT3K8jfIox2XtPOPYBERdj23uwpgU-tSfi6UEWkbaOaVIGvtTHPhZmxcIX-ZfKTO0CwSlvVGYSZiTnHiv_8tkNZS_wK4HunATFApwGhbT2F9fxKecegA1Y9RHOVs9UnhSE-TQrdnQ.VF3Zu8ZwIyPOcjZCNFSCTA'

}

=====================================

RETRIEVE CUSTOMER:

=====================================

-------------------------------------

Request:

-------------------------------------

endpoint = {str} 'https://sandbox.api.visa.com/universal/core/customers/610c24ce-fb48-4a36-a6f5-cf825b1c9268'

auth = ('<visa user id from developer console>', '<visa password from developer console>')

cert = ('cert.pem', <cert key from developer console>)

method = {str} 'get'

payload = {dict: 0} {}

-------------------------------------

Response

-------------------------------------

response = {

'firstName': 'Shankara Child',

'lastName': 'Narayanan',

'locale': 'en_US',

'createdDateTime': 1693002348225,

'updatedDateTime': 1693002348225,

'vCustomerID': '610c24ce-fb48-4a36-a6f5-cf825b1c9268',

'status': 'ACTIVE',

'encEmailAddress': 'eyJraWQiOiJiNTFkZmEyMyIsImVuYyI6IkEyNTZHQ00iLCJhbGciOiJSU0EtT0FFUC0yNTYifQ.cvd6p46ECsgkuiyPIMRPYZXxYkem06YJFBv8httZhLjcQetNWlPi5e80lqAu-h84bIg9J-xEQsxVyA3ayWs2G77OD1cUMk35oB826dFVPGsJRLButYowh6S_-9mQIxW8CzBqotr7i2zmGJX9Ko2UtlMdrFfLtiTXpH0TLxpsqKDBqMOocj6qMjQdvVeBwLr_1KrWr7Ra0jvB5elxTqPGc0TEr6yo945vtEJ41ZM7PRFPS3gadsfNFwGigrrtwx9WrLe0gX3t0gdhKts1lm_bL3cq48PlbTpa3I6ZW0uuqMj0BBAfiBhLttwvdvpePjW_vVhyHja8TEK4s_edWE67pw.xDP4T8fuimkN0VC4.dEZJ-wNughpj5dBCfiVskxiOPdb5FEYYaaM.CK-H8xvbFDuksL8ehKfwOQ',

'encAddress': 'eyJraWQiOiJiNTFkZmEyMyIsImVuYyI6IkEyNTZHQ00iLCJhbGciOiJSU0EtT0FFUC0yNTYifQ.Co2wum5zAsQkgWTp5OdD1GhMu6iIxjtkEgMF8eKfk_4_IvOk_NQP_Ybecp-zK-JJpoe97d6SS5K9wy3NDKK-WQ9jT3balul_TiFAohCwLHPWkD8ccYk17PXXhYHebnd_Ggfm8yVC3n-3_S0nkT-YfpvUEYcqLo3ReauvgsSgVJtha7nwZ0PjjEeECmNSn3XbP72pU55W8StHfNwt46yI5kQjz9VKvF4enTqo4IyjGhSNjZtAT1_S1DHCy-y_-GZbNroDGUDgr8uV1IWoWMl0UkBivZE5DKlHqwo6WSkM8Tz1LkiRxcJAvj_VInSHrLIi5bZdkPAEsGjAZk-f0uYmcw.ahLr3MszFQOfv_I0.E_w8s91dYdi8drBFmd-wKKTB7-8rYSmXfKLhxMgJyF8k56pru-PRrknTfKofaPOgPOHptXe7lSROm710vsAn6Yur8SjVXJxpfQG2qjVpMoZWYjliV9lslgfJ9AjJQB231U57rjLYIrVJjB_6DQOCrs0fQHcyWchqgbviB2Cq1T4-jbt1CYzeCufRZeSxhvw4KSdeQ8O3zN173LCIg9P-03oUZ7Ufe2HW-eNpxYUzKLzgginqlm1Z9Ffhw8PSP4uz-abnF8LXAdB8SovnrYGzUCAlzYazDhQr5hfpVY0Pth4.EcvukBJ_T60AJdaUdzEZAA'

}

headers = {

'Server': 'nginx',

'Date': 'Fri, 25 Aug 2023 22:37:50 GMT',

'Content-Type': 'application/json;charset=UTF-8',

'Content-Length': '1492',

'Connection': 'keep-alive',

'X-SERVED-BY': '-8675d7f8w5',

'X-CORRELATION-ID': '1693003070_522_907948758_-8675d7f8w5_VDP_WS',

'Cache-Control': 'no-cache, no-store, must-revalidate',

'X-APP-STATUS': '200',

'X-Frame-Options': 'SAMEORIGIN',

'X-XSS-Protection': '0, 1; mode=block',

'X-Content-Type-Options': 'nosniff, nosniff',

'Strict-Transport-Security': 'max-age=31536000;includeSubdomains, max-age=31536000;includeSubdomains;always',

'Pragma': 'no-cache',

'Expires': '-1',

'Content-Security-Policy-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;",

'X-Content-Security-Policy-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;",

'X-WebKit-CSP-Report-Only': "default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;"

}

API_Products

Hi @sed,

Please use the decryption key that is attached to this forum post and share your result with us. The attached decryption key filename is VisaPublicKey_ForEncryption_Sbx_Cert.zip.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hi @sed,

Has the issue been fixed? Do you need further assistance? If the issue is fixed, please let me know so I can take you off my contact list.

Thanks,

Diana H.

Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

API_Products

Hi @sed,

I haven't heard back from you so I'll take you off my contact list. Please reach out to us at the community if you need help and someone will be happy to assist.