Splitit Side: Downloading Encrypted Reports

For security reasons, your organization may require you to download your reports from Splitit in a PGP-encrypted format. In order to accomplish this, you will need to provide Splitit with a public key that it can use to encrypt the reports and make them available for download. You can then decrypt the reports on your system with your matching private key.

Things to know:

It is recommended that you rotate your key(s) periodically, i.e. every three to six months.
Splitit uses the most recent (non-expired) public key on your account to encrypt your reports (make sure to not have duplicates or empty expiration dates)
The reports are signed using Splitit's private key for your merchant
For any debugging and issues, please preserve the response header x-splitit-traceid

Instructions

Authentication

Begin by authenticating to the Splitit ID server, using the instructions here. You'll receive a token in the response.

Provide a Public Key

Add the token from step 1 in your header, then call Rotate Public Key, and provide a PGP public key that you have generated on your system. The body to send is as follows:

{
  "OwnerCode": "string", // provided by Splitit support
  "Usage": [
    "Reports"
  ],
  "Type": "Pgp",
  "PublicKey": "{a PGP key you generated}",
  "ExpirationUtc": "2024-07-06T15:46:26.409Z" // When you'd like your key to expire (if you don't set this, a default value will be set by Splitit)
}

You should now be able to download encrypted and signed reports.

Instructions​

Authentication​

Provide a Public Key​

Instructions

Authentication

Provide a Public Key