Merchant Side: Encrypting Your API Requests with MLE
You may wish to completely encrypt the content of the communications you send to Splitit. You can achieve this with message-level encryption (MLE). With MLE, you encrypt your communications using Splitit's public key, which Splitit then decrypts on the other end with the corresponding private key.
Things to note:
- MLE only works with API V3
- For debugging and support, record and keep the x-splitit-traceid header from each response
Instructions
1. Begin by authenticating to the Splitit ID server, using the instructions here. You'll receive a bearer token in the response.
2. Attach the bearer token to your header and then generate a key pair using the Key Exchange API and the following body:
   {
     "OwnerCode": "string", // given to you by Splitit support
     "Type": "RSA",
     "Length": 2048,
     "Usage": ["MessageLevelEncryption"],
     "ExpirationUtc": "2024-07-06T15:46:26.409Z" // when you'd like your key to expire (if you don't set this, a default value will be set by Splitit)
   }
   You will receive a Key ID and a Splitit public key in response.
3. Use JWE and the public key to encrypt your communication, making sure to use the RSA-OAEP-256 algorithm for encryption. Your message bodies should be formatted according to the JWE standard and should include your Key ID from step 2 under the header kid.
4. Send your encrypted message to an endpoint on Splitit's API V3, making sure to add the header: Content-Type: application/jose+json.
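The encryption in steps 3 and 4, as an added example in Node.js using only the built-in crypto module (not Splitit's code). It assumes the public key is available as PEM and that the content encryption ("enc") is A256GCM, which this page does not specify; the key pair, Key ID and payload are constructed stand-ins, and the decrypt function exists only to check the round trip locally.

```javascript
// Added example: JWE compact serialization (RFC 7516), alg RSA-OAEP-256.
// Assumptions: enc = A256GCM and a PEM public key (neither is stated on the page);
// the key pair, kid and payload below are constructed stand-ins for step 2's values.
const nodeCrypto = require('node:crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const b64u = (data) => Buffer.from(data).toString('base64url');

function encryptJwe(payload, publicKeyPem, kid) {
  // Protected header carries the algorithm names and the Key ID under "kid".
  const header = b64u(JSON.stringify({ alg: 'RSA-OAEP-256', enc: 'A256GCM', kid }));
  const cek = nodeCrypto.randomBytes(32); // fresh content-encryption key per message
  const iv = nodeCrypto.randomBytes(12);  // 96-bit GCM nonce, never reused with a CEK
  // Wrap the CEK with the recipient's public key: RSA-OAEP with SHA-256.
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKeyPem, ...OAEP }, cek);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(header, 'ascii')); // the encoded header is authenticated
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  // header.encrypted_key.iv.ciphertext.tag
  return [header, b64u(wrappedKey), b64u(iv), b64u(body), b64u(cipher.getAuthTag())].join('.');
}

// Recipient side, included only so the output can be verified locally.
function decryptJwe(jwe, privateKeyPem) {
  const [header, wrappedKey, iv, body, tag] = jwe.split('.');
  const cek = nodeCrypto.privateDecrypt(
    { key: privateKeyPem, ...OAEP }, Buffer.from(wrappedKey, 'base64url'));
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(iv, 'base64url'));
  decipher.setAAD(Buffer.from(header, 'ascii'));
  decipher.setAuthTag(Buffer.from(tag, 'base64url'));
  const plain = Buffer.concat([decipher.update(Buffer.from(body, 'base64url')), decipher.final()]);
  return {
    header: JSON.parse(Buffer.from(header, 'base64url').toString('utf8')),
    payload: JSON.parse(plain.toString('utf8')),
  };
}

// Constructed demo values standing in for the key and Key ID returned in step 2.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
});
const jwe = encryptJwe({ Example: 'constructed body' }, publicKey, 'example-key-id');
// Step 4: this string is the request body, sent with the header below.
console.log('Content-Type: application/jose+json');
console.log(jwe);
```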