Guides
Start typing to search…

Retrieve sensitive card details

For security reasons, sensitive card details, such as cvv and card_number, are encrypted when you use the Get card endpoint. To securely access the information, use Rivest-Shamir-Adleman (RSA) encryption.

Generate RSA key pair

Before requesting sensitive card details, generate an RSA key pair on your client. The key pair consists of:

  • Private key: Keep this secure on your server and never transmit it
  • Public key: You'll encode and send this to Gravv in the API request

You can generate an RSA key pair using tools available in most programming languages.

Encode the public key

After generating your RSA key pair, extract the public key and encode it to base64. This encoded value is what you'll send in the API request header.

The public key modulus is the large number that forms part of your RSA public key.

Request encrypted card details

Send the base64-encoded public key modulus in the X-Client-Public-Key header when requesting sensitive card details:

curl --request GET \
     --url https://api.gravv.xyz/v1/cards/<card id>/sensitive-details \
     --header 'Api-Key: <Api Key>' \
     --header 'X-Client-Public-Key: MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA...' \
     --header 'content-type: application/json' \
     --data '{}'

Replace MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA... with your actual base64-encoded public key modulus.

You will receive encrypted card details in the response:

{
  "data": {
    "ciphertext": "IjBkZlJMWUVXMzJ5MjdySzhWQlp1WHM5N1hzZ0szNGFSb1VScTJrbDhyazkzSmUrM0lTTXNiOCs4bmo2MW9LdDYxdkN0d0w1NSI=",
    "encrypted_key": "IkUxdXhGa2c3ekpVaUJmWFlhcnVhM0dZRyt1amZJczBpMDJsak85QnIvVjkzSGxvWWxDNk1xaVlyYkNGQnJtTHFkVkwybmlFbkxDemliOUoweWI3RTg5YUFvTEZncmFkNFV0Z2cvV1ZUK29HbGZPZWRJVnREU1ZvSmNWaDMrSExnSUMybnBaTWJkelpualB6b21PcThCcGpNN09yWG1FeHUvd3pHblhpYXIyRT0i",
    "nonce": "Img2M29JSVVESTZ2aS90S2si"
  },
  "error": null
}

Decrypt sensitive card details

After receiving the encrypted response, decrypt the sensitive card details using your RSA private key.

The following guides provide complete decryption implementations with sample code for each language:

Golang

Decrypt card details using Go's crypto package with RSA-OAEP and AES-GCM.

Python

Decrypt card details using Python's cryptography library.

JavaScript

Decrypt card details using Node.js crypto module with RSA and AES-GCM.

Updated 13 days ago