Headers
An idempotency key is an arbitrary unique value generated by client to detect subsequent retries of the same request. It is recommended that a UUID or a similar random identifier be used as an idempotency key. A different key must be used for each request, unless it is a retry.
"7d943c51-e4ff-4e57-9558-08cab6b963c7"
Query Parameters
Card ID
"6dc0397d-1aba-4be9-9582-895a7a887d49"
Response
Card details
JWE compact serialization of the encrypted card data as defined in RFC 7516 Section 7.1.
Format: header.encryptedKey.iv.ciphertext.authTag
All segments are base64url-encoded and concatenated with periods.
-
header: Contains algorithm information and key identifier
- "alg": "ECDH-ES+A256KW" - Key management algorithm
- "enc": "A256GCM" - Content encryption algorithm
- "kid": base64url-encoded JWK thumbprint. The thumbprint is calculated using the JWK as per RFC 7638 and is used to identify the public key used for encryption.
The algorithm identifiers follow RFC 7518
-
encryptedKey: The content encryption key encrypted using ECDH-ES
-
iv: Initialization vector for AES-GCM
-
ciphertext: The actual encrypted data
-
authTag: Authentication tag for AES-GCM integrity verification
When decrypted, the ciphertext contains a JSON object with the following structure:
{
"pan": "5217866647558899",
"cvv": "123",
"expiration_year": "25",
"expiration_month": "06"
}"eyJhbGciOiJFQ0RILUVTK0EyNTZLVyIsImVuYyI6IkEyNTZHQ00iLCJraWQiOiJyZWNpcGllbnQta2V5LWlkIn0.AAAAAAAAAA.qcT0jHQJp5MI.0mxQptHnLbmpYmVF-HPzwg.iH2aDMwuCefM_iBPxuBbJA"