PCI Helper - RSA

RSA (Rivest–Shamir–Adleman) is a secure method to transmit sensitive cardholder data to TabaPay without storing or directly handling unencrypted Primary Account Numbers (PANs). RSA uses a public key to encrypt and a private key to decrypt. This ensures that, even if intercepted, the card data cannot be read without the private key, maintaining PCI-DSS compliance and protecting cardholder information in transit.

Why RSA?

RSA is the most widely used asymmetric algorithm. It ensures that unencrypted card details are never exposed during transmission and can help maintain PCI-DSS compliance.


What data do I encrypt?

Unencrypted Card Data Format

CardNumber|ExpirationDate|SecurityCode

  • No spaces
  • Pipe symbol (|) delimited
  • Expiration Date, Security Code optional

Examples

CardNumber, ExpirationDate, SecurityCode

4000056655665556|202512|123

  • CardNumber is 4000056655665556
  • ExpirationDate is 202512
  • SecurityCode is 123

CardNumber, ExpirationDate, NO SecurityCode

4000056655665556|202512|

  • CardNumber is 4000056655665556
  • ExpirationDate is 202512
  • SecurityCode is blank

CardNumber, NO ExpirationDate, NO SecurityCode

4000056655665556||

  • CardNumber is 4000056655665556
  • ExpirationDate is blank
  • SecurityCode is blank

RSA FAQs

Using Encrypted Data in TabaPay API calls doesn't seem to be working?

Make sure you are using RSA with the transformation RSA/ECB/OAEPWithSHA-256AndMGF1Padding, and that the language you are using supports the correct (common usage) implementation of that transformation.
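
As an added example (not TabaPay's own code), this Go program builds the pipe-delimited card data string described above and encrypts it with Go's built-in RSA-OAEP, which applies SHA-256 to both the OAEP digest and MGF1. The helper names, the throwaway 2048-bit key pair and the reading of the transformation as SHA-256 for MGF1 are assumptions; in real use the public key is the one issued by TabaPay.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"strings"
)

// FormatCardData builds CardNumber|ExpirationDate|SecurityCode; both pipes are always emitted.
func FormatCardData(pan, exp, cvv string) (string, error) {
	if pan == "" || strings.ContainsAny(pan+exp+cvv, " |") {
		return "", errors.New("card number required; no spaces or pipes inside fields")
	}
	return pan + "|" + exp + "|" + cvv, nil
}

// EncryptCardData applies RSA-OAEP; Go uses this hash (SHA-256) for the digest and for MGF1.
func EncryptCardData(pub *rsa.PublicKey, plain string) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(plain), nil)
}

// RoundTrip encrypts under a throwaway key (constructed, 2048 bits assumed) and decrypts again.
func RoundTrip(pan, exp, cvv string) (string, int, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return "", 0, err
	}
	plain, err := FormatCardData(pan, exp, cvv)
	if err != nil {
		return "", 0, err
	}
	ct, err := EncryptCardData(&priv.PublicKey, plain)
	if err != nil {
		return "", 0, err
	}
	// Decryption must use the same hash for digest and MGF1, or it fails.
	out, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, ct, nil)
	return string(out), len(ct), err
}

func main() {
	out, n, err := RoundTrip("4000056655665556", "202512", "")
	fmt.Println(out == "4000056655665556|202512|", n, err)
}
```

The ciphertext is returned as raw bytes; how it must be encoded for the API request is not covered on this page.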

Receiving SC=500?

If you pass in Encrypted Data that was encrypted incorrectly, you will get SC=500.

What languages (and libraries, if any) work (or have been tested)?

We have first-hand knowledge that the following languages (and libraries, if any) work:

  • Java with a slight tweak using the built-in RSA encryption
  • Go using the built-in RSA encryption
  • JavaScript in a browser using the Web Cryptography API, which is available in (all) modern browsers

We have heard of others using the following languages (and libraries, if any):

  • .NET

and other applications (or libraries):

  • OpenSSL

Can I have more than 2 active keys?

We have found 2 active keys is plenty for production environments. The key you are using is just a Public Key, so security shouldn't be an issue.

Since we can only have 2 active Keys, can the Key expire in more than 1 year?

No, due to PCI Compliance.
