
Merchant Side: Encrypting Your API Requests with MLE

You may wish to completely encrypt the content of the communications you send to Splitit. You can achieve this with message-level encryption (MLE). With MLE, you encrypt your communications using Splitit's public key, which Splitit then decrypts on the other end with the corresponding private key.

Things to note:

  • MLE only works with API V3
  • For debugging and support, record and retain the x-splitit-traceid header returned in each response

Instructions

  1. Begin by authenticating to the Splitit ID server, using the instructions here. You'll receive a bearer token in the response.

  2. Attach the bearer token to your request headers, then generate a key pair by calling the Key Exchange API with the following body:

{
  "OwnerCode": "string", // given to you by Splitit support
  "Type": "RSA",
  "Length": 2048,
  "Usage": ["MessageLevelEncryption"],
  "ExpirationUtc": "2024-07-06T15:46:26.409Z" // when you'd like your key to expire (if you don't set this, a default value will be set by Splitit)
}

You will receive a Key ID and a Splitit public key in response.

  3. Use JWE and the public key to encrypt your communication, making sure to use the RSA-OAEP-256 algorithm for encryption. Your message bodies should be formatted according to the JWE standard and should include your Key ID from step 2 under the header kid.

  4. Send your encrypted message to an endpoint on Splitit's API V3, making sure to add the header: Content-Type: application/jose+json.
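
The encryption in step 3, as an added example that is not Splitit's code: it builds a JWE with alg RSA-OAEP-256 and the kid header using only Node's built-in crypto module. Assumptions not stated on this page: compact serialization, A256GCM as the content encryption ("enc"), a constructed payload and Key ID, and a locally generated test key pair standing in for the Splitit public key (decryptJwe exists only to check the round trip locally).

```javascript
// Added example, not Splitit code: JWE compact serialization with Node's built-in crypto.
const crypto = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });

// Encrypt `payload` for the holder of `publicKeyPem`; `kid` is the Key ID from step 2.
// Assumed: enc=A256GCM and compact serialization (the page only fixes alg=RSA-OAEP-256).
function encryptJwe(payload, publicKeyPem, kid) {
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP-256', enc: 'A256GCM', kid }));
  const cek = crypto.randomBytes(32); // fresh content-encryption key for every message
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce, never reused with the same CEK
  const encryptedKey = crypto.publicEncrypt(oaep(publicKeyPem), cek);
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii')); // binds alg/enc/kid to the ciphertext
  const ct = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return [header, b64u(encryptedKey), b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

// Receiver side, included only so the round trip can be checked with a test key pair.
function decryptJwe(jwe, privateKeyPem) {
  const parts = jwe.split('.');
  if (parts.length !== 5) throw new Error('not a compact JWE');
  const { alg, enc } = JSON.parse(Buffer.from(parts[0], 'base64url').toString('utf8'));
  if (alg !== 'RSA-OAEP-256' || enc !== 'A256GCM') throw new Error('unexpected alg/enc');
  const cek = crypto.privateDecrypt(oaep(privateKeyPem), Buffer.from(parts[1], 'base64url'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(parts[2], 'base64url'), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(parts[0], 'ascii'));
  decipher.setAuthTag(Buffer.from(parts[4], 'base64url'));
  const plain = Buffer.concat([decipher.update(Buffer.from(parts[3], 'base64url')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Constructed test data: throwaway 2048-bit key pair, placeholder Key ID and payload.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const jwe = encryptJwe({ amount: 100, currency: 'USD' }, publicKey, 'example-key-id');
  return { jwe, privateKey, roundTrip: decryptJwe(jwe, privateKey) };
}
```

The string returned by encryptJwe is the request body for step 4, sent with Content-Type: application/jose+json alongside the bearer token.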