Hey! These docs are for version 3.2, which is no longer officially supported. Click here for the latest version, 1.0!

Card Encryption

The card details (card number, expiry month, expiry year, CVV) can be encrypted before passing to Juspay using the asymmetric cryptographic algorithm.

  • The public key will be shared by Juspay which can be used for encryption.
  • Encrypt the card details using the shared public key. The sample code snippet is given below.
  • Prepend "enc-" to the encrypted detail.
  • Pass the details to Juspay in the transaction call.


Encryption algorithm and key size

Algorithm: RSA/ECB/PKCS1Padding
Key Size: 2048 bit

   Required inputs for encrypting are given in this table:     (click to open)
card_encoding_versionThe version of encryption
Example:   2021-01-21
client_enc_key_idThe Key id provided by Juspay. Required for merchant specific RSA keys
Example:   9999
card_numberEncrypted card number. Prepend "enc-" to the encrypted detail
Example:   enc-13df32hfjhrf
card_exp_monthEncrypted card expiry month. Prepend "enc-" to the encrypted detail
Example:   enc-ytgrfdsxfcvbjm
card_exp_yearEncrypted card expiry year. Prepend "enc-" to the encrypted detail
Example:   enc-kiujytgrfdxcvbn
card_tokenThe card token obtained in the response of list card. Required for saved card transaction.
Example:   tkn_b095fb039015642b4b8a80eac132368b0
card_security_codeEncrypted card security code. Prepend "enc-" to the encrypted detail
Example:   enc-jhkhgdfszxcf

Sample Code Snippet for Encryption:

public String encryptRSA(String publicKey, String content) {

    try {
        final String algorithm = "RSA/ECB/PKCS1Padding";

        publicKeyContent = publicKeyContent
                .replace("-----BEGIN PUBLIC KEY-----\n", "")
                .replace("-----END PUBLIC KEY-----", "");

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(publicKeyContent, Base64.DEFAULT));
        Key publicKey = keyFactory.generatePublic(keySpec);

        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey);

        byte[] encrypted = cipher.doFinal(content.getBytes());

        return Base64.encodeToString(encrypted, Base64.NO_WRAP);
    } catch (Exception e) {

    return "";

You may use the Public Key below for testing in a sandbox environment.

-----END PUBLIC KEY-----

For Production, use the Public Key below:

-----END PUBLIC KEY-----
The response for the Card Encryption API is a Payment Status Object with one extra parameter: "txn_uuid", and one extra object: "offer_details": {...}       (click to open table)
order_idStringUnique Identifier for the order.
txn_idStringTransaction ID for the payment attempt.
txn_uuidStringTransaction UUID
statusStringStatus of the transaction. See Appendix below for status mapping. PENDING_VBV indicates that the transaction requires authentication to complete.
payment.authentication.methodStringHTTP Method for authentication. Can be one of GET or POST (See redirection instructions in the "Handling the Redirection Method" section.)
payment.authentication.urlStringURL to which the user has to be taken to for completing the authentication
payment.authentication.paramsObjectPresent only when the method is POST. This a mapping via a list of key:value pairs that must be sent along with the URL for authentication. Do not hardcode the params in your client * Never assume that you will receive param “x” or param “y”. This is completely dynamic and will vary on a case by case basis.
offer_details: {...}wiObjectwiOffer Details object, which contains the Payment Locking parameters. Allows merchants to block/allow selected payment instruments groupss, and/or specific payment instruments within a selected group to be displayed in the payment page.   (See the "Payment Locking" page for details.)
  APPENDIX   - Payment status codes and meaning:
NEW10Newly created order
PENDING_VBV23Authentication is in progress
CHARGED21Successful transaction
AUTHENTICATION_FAILED26User did not complete authentication
AUTHORIZATION_FAILED27User completed authentication, but bank refused the transaction
JUSPAY_DECLINED22User input is not accepted by the underlying PG
AUTHORIZING28Transaction status is pending from bank

Sample responses are shown in right column for both 'New Card' and 'Saved Card'.

The request consists of Payment Method Details, Card Details (encrypted), and two extra parameters: "card_encoding_version" and "client_enc_key_id".www(click to open tables)     Each parameter in tables is also listed below:
  Payment Method Details:
order_id*StringOrder_id pertaining to the order for which the payment is started.
merchant_id*StringID of the merchant_account that you hold with us.
payment_method_type*StringMust be CARD.
payment_methodStringOne of VISA/MASTERCARD/MAESTRO/AMEX/RUPAY. This is usually inferred from the card number itself and we will take care of this if you are unable to provide this from your end.
redirect_after_payment*BooleanThis is a boolean variable and accepts true/false. We recommend that you set this to true and use the redirection flow. If set to true, then the user is redirected to the return_url configured for the order. If set to false, then the user will be stopped at the response page from the gateway. Your client should be able to read the page/title to infer that the user has completed the transaction.
format*StringIf it is set to json, then the response will be HTTP 200 with a JSON formatted text. Otherwise, the response is HTTP 302 with the Location attribute having the destination URL.
    * = Required
  Card Details:
Card Security Code (CVV) is not required in case of Sodexo saved card transactions.
card_tokenStringRequired for saved card transaction. If obtained using /card/list, then card_number, name_on_card, card_exp_year, and card_exp_month fields are not required. If the token is generated using the /card/tokenize API, card_number, name_on_card, card_exp_year, card_exp_month and card_security_code fields are not required.
Example in encrypted format:
card_number*StringA valid credit/debit card number (encrypted). Not required if card token is used. Prepend "enc-" to the encrypted detail.
Example:   enc-13df32hfjhrf
name_on_card*StringCard holder name. Should contain alphabetical characters only (not encrypted).
card_exp_year*StringRepresents the expiry year of the card as YY (two digits only). When encrypted, prepend "enc-" to the encrypted detail.
Example:   enc-kiujytgrfdxcvbn
card_exp_month*StringRepresents the expiry month of the card as MM (two digits only). When encrypted, prepend "enc-" to the encrypted detail.
Example:   enc-ytgrfdsxfcvbjm
card_security_code*StringCVV of the card (encrypted). Usually three digits. Not required if a card_token was generated using the /card/tokenize API, or in case of SODEXO saved card transactions. Prepend "enc-" to the encrypted detail.
Example:   enc-jhkhgdfszxcf
save_to_lockerBooleanThis is a boolean variable and accepts true/false. If set to true, then the card will be saved in locker when the transaction is successful. Else, the card will not be saved.
  * = Conditionally required if card_token is not used.
card_encoding_version*StringThe version of encryption.
Example:   2021-01-21
client_enc_key_idStringThe Key id provided by Juspay. Required for merchant specific RSA keys
Example:   9999
    * = Required

Sample API requests for 'New Card' and 'Saved Card':

curl --location --request POST 'https://sandbox.juspay.in/txns' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'merchant_id=merchant_success' \
--data-urlencode 'order_id=JP163552819' \
--data-urlencode 'payment_method_type=CARD' \
--data-urlencode 'format=json' \
--data-urlencode 'card_number=enc-Lkhtaxi67b5ycJUa5HK3vfsr1xYiYtRYK0XxnIR2wmo3K4dkovKD3yvrjVlLA99/8qKjxXpasbKDGpJfm+Mx+CR7dKaTgUfvN04pE54kbMQPYRUgHwZ2S2vl8ntxE/5mT9Fu2NfoC8s8xKbFxNQ8tiIQ4SgobS7a95+U/TvJ3iwEPKQwm08SZIKfW+/vpQbYNWC73rFdi59aS9H7aH9d3WyfGfVezxYRF0iRTBgbDUsnvl50ZMRJGPx+hRHgfsktmBfrhfDm9mYaD/0qEYAMXOmfBAk6ruVW5xR7To2Ce/0BBb3fPKIhtYnYNLeFq1L1gJiIdrONCdZxIdfhperwTA==' \
--data-urlencode 'card_exp_month=enc-DmPCnxXjsVcq6jfgsSu8etI1QT4qGyjy8uv0IAIhNLUkF3Mesd0eWIvGstBBa5xiYR5+48mUwrVYH5IsqBMmhqkjkyQ5LjG5+h9AesYUB+eVI6p06Bc4Qr+UBU02gjG/Ex1WmbbD7YQ3FpvWbS/slOv2+zF0Qop5dSoNiY9QdkSD5g18LvVi2d5EGzPA2BoUfHt84btom2zXs/mdMvFStqk0J0S2LlBqUIDVnNYKwQ+54b792Szq+qaiaZqRUWwuHE8RkAiMrU8QkdpjNs5Fi5RuKcRVo1FMfW4s5xocjLp9mkDDW7uuYyYyVQxIXPyTSdwZTNWet/qflh72fDrMlw==' \
--data-urlencode 'card_exp_year=enc-eaOEGCPdV4SYR6gyedXlvHYPcS/pUxo9oyvd8kzpp5/bERyxzzj3KRvQhTk+Vpr5aMGgT+oxkGW8K3JzdVS12AULN4jpZBa9d13HJkj5LTBdsxwivO4vqtDk9y9skDivHBvwRREKB/nzG6DGMYUfM62Pklkt9/TJjqrGTOhOgDbk0C4oTnObiJvzi9EFnwAC/+8usWLEv85BA4p8pGswPY1SZaR/ZlF3PG+vqJoTwu5AKd1WcUbfrl4//XeaCIMb+L3OZ+SvlsE1lNvmOzQV98P1jdijTKjEt8U4nj5wh8uJqssTqr6iKkFCcCanIcATFTEsA0LcWW4BPM4OHlzyHw==' \
--data-urlencode 'card_security_code=enc-eXiNSDcGRnIPzDF2bZqAxNFBIF1FxOdBZ3tmdQn0lcxc4aDucQwefqqzSiYQK1xkPMWw27mKXQsAclwYDQSWAslytyJQYyWFeD0e1eAOVIrf5oqFKxFhKCpj2eeIOglZ9GPRmbu9zwpuVjM68LfUQEDyymwrooQkGILFszxhcKTqMx8q8XExWzRbOufO85z4W7UcbnKCL6u/oOvo+J92bDchRh/JMzDoYLgtdhjUXhfMw92t7TCP3aFjitIOPu9PdQE4N8Fs26GSTrfxmTnvIDZSG5GvndQXoGgg9wA4pXXmb4Sd6qYhstIKzR4dX8Csctc5+H8oOd82du6P3jnPUw==' \
--data-urlencode 'redirect_after_payment=true' \
--data-urlencode 'name_on_card=test' \
--data-urlencode 'card_encoding_version=2021-01-22' \
--data-urlencode 'save_to_locker=true' \
--data-urlencode 'payment_method=MASTER'
curl --location --request POST 'https://sandbox.juspay.in/txns' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'merchant_id=merchant_success' \
--data-urlencode 'order_id=JP1635844655' \
--data-urlencode 'payment_method_type=CARD' \
--data-urlencode 'format=json' \
--data-urlencode 'redirect_after_payment=true' \
--data-urlencode 'card_token=tkn_b095fb09015642ee23r8a80eac166168b0' \
--data-urlencode 'card_security_code=enc-eXiNSDcGRnIPzDF2bZqAxNFBIF1FxOdBZ3tmdQn0lcxc4aDucQwefqqzSiYQK1xkPMWw27mKXQsAclwYDQSWAslytyJQYyWFeD0e1eAOVIrf5oqFKxFhKCpj2eeIOglZ9GPRmbu9zwpuVjM68LfUQEDyymwrooQkGILFszxhcKTqMx8q8XExWzRbOufO85z4W7UcbnKCL6u/oOvo+J92bDchRh/JMzDoYLgtdhjUXhfMw92t7TCP3aFjitIOPu9PdQE4N8Fs26GSTrfxmTnvIDZSG5GvndQXoGgg9wA4pXXmb4Sd6qYhstIKzR4dX8Csctc5+H8oOd82du6P3jnPUw==' \
--data-urlencode 'card_encoding_version=2021-01-22'
Click Try It! to start a request and see the response here!