Visa Developer Community




I am trying to decrypt data from the VTS using JWE with C#, and I have  issue, and can you someone guide me or post some code to tackle the issue.


Thank you

Visa Dev Moderator

Re: VTS JWE in C#

Hello @Raveen


Sample JWE using API Key/Shared Secret

JWE Header


"alg": "AGCM256KW", // Encryption algorithm to be used for encryption of CEK

"iv": "<SizeofIVistobe96bit.>",// IV to be used for encryption of CEK

"tag": "<128bitvalue>", // HMAC generated from applying AES-256-GCM-KW to the CEK

"kid": "50charAPIKey", // API key

"channelSecurityContext": "SHARED_SECRET",

"enc": "AGCM256",

"iat": "1429837145"

JWE Body:

//base64 encoded form. CEK encrypted using AGCM256KW (alg) algorithm and the CEK IV

“encrypted_key”: “UghIOgu ... MR4gp_A=” ,

// base64 encoded form. IV for the text encryption. Size of IV is to be 96 bit

“iv”: “AxY8DctDa….GlsbGljb3RoZQ=”,

//Base64 encoded form. Encrypted blob generated using the AES-GCM encryption (enc) of the text to encrypt

“ciphertext”: “KDlTthhZTGufMY…….xPSUrfmqCHXaI9wOGY=”,

// base64 encoded form . HMAC generated using the AES-GCM encryption of the text to encrypt. The size of the tag is to be 128 bits.

“tag”: “Mz-VPPyU4…RlcuYv1IwIvzw=”

Note: The JWE Protected Header is input as the AAD (Additional Authenticated Data) parameter of the authenticated encryption (AES-GCM) of the “text to encrypt”.

JWE composition

BASE64URL (UTF8 (JWE Header)) || ‘.’ ||

BASE64URL (JWE Encrypted Key) || ‘.’ ||

BASE64URL (JWE IV) || ‘.’ ||

BASE64URL (JWE Ciphertext) || ‘.’ ||

BASE64URL (JWE Authentication Tag)

JWE/JWS specification requires BASE64URL encoding with NO padding.

General approach for JSON Web Encryption using API key/Shared Secret

(Refer to complete specification for deeper overview of JWE –


For more information on how to decrypt data, please visit this link -


Please let me know if you have any additional questions. 


Thank you, 



Re: VTS JWE in C#

Hi Vaibhav,


I am really thankful for your response and I will try with your sample but I see there is new field "channelSecurityContext" in the header where it does not specified in the visa documentation. Moreover,  I was trying to access but does not succeed.


Thanky you once again.


Visa Dev Moderator

Re: VTS JWE in C#

Hello @Raveen


Visa Token Service API is a restricted product. If you wish to request access to VTS API, please send me an email at There is a set of questions you will have to answer and that information will be forwarded to the product team for review. 


Thank you, 


New Contributor

Re: VTS JWE in C#



I need help regarding encryption, could you please share your code to encrypt using AGCM256KW?