get
https://api-sandbox.interlace.money/open-api/v3/cards/
Obtain secure card details, including sensitive information such as card number and secure tokens, for specific use cases. Sensitive card information (e.g., full card number, CVV) in the API response is encrypted using the Advanced Encryption Standard (AES) algorithm. The encryption key for AES is derived from the clientSecret. Non-sensitive fields (e.g., card BIN, last 4 digits of the card number) remain in plaintext to ensure business usability, as they do not involve core sensitive data.
💡Important Notice:
- Access to this endpoint is strictly restricted. Only clients with a valid PCI DSS Level 1 Certification are permitted to retrieve sensitive card information.
- If PCI DSS Level 1 Certification is NOT available, click here to integrate with Widget.js iframe as an alternative.
Encryption Specification
- Algorithm: AES
- Mode: ECB
- Padding: PKCS7
- Key:
clientSecret(UTF-8 bytes) - Output Format: Hex string
⚠️ Security Notes
- ECB mode does not use an IV.
- Never expose your
clientSecret.
Decryption Examples
public String decrypt(String secretContent) {
String clientSecret = "your client secret";
byte[] key = clientSecret.getBytes(StandardCharsets.UTF_8);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
byte[] cipherBytes = HexUtil.decodeHex(secretContent);
return aes.decryptStr(cipherBytes, StandardCharsets.UTF_8);
}