get
https://api-sandbox.interlace.money/open-api/v3/cards/
Obtain secure card details, including sensitive information such as card number and secure tokens, for specific use cases. Sensitive card information (e.g., full card number, CVV) in the API response is encrypted using the Advanced Encryption Standard (AES) algorithm. The encryption key for AES is derived from the clientSecret. Non-sensitive fields (e.g., card BIN, last 4 digits of the card number) remain in plaintext to ensure business usability, as they do not involve core sensitive data.
💡Important Notice:
🚨 PCI DSS Level 1 Certification Required
This endpoint exposes sensitive card data and is strictly restricted.
- ✅ Only clients with PCI DSS Level 1 Certification may access this API
- ❌ If you are NOT PCI DSS Level 1 certified, DO NOT call this endpoint
Instead, please integrate via Widget.js iframe:
Encryption Specification
- Algorithm: AES
- Mode: ECB
- Padding: PKCS7
- Key:
clientSecret(UTF-8 bytes) - Output Format: Hex string
⚠️ Security Notes
- ECB mode does not use an IV.
- Never expose your
clientSecret.
Decryption Examples
public String decrypt(String secretContent) {
String clientSecret = "your client secret";
byte[] key = clientSecret.getBytes(StandardCharsets.UTF_8);
SymmetricCrypto aes = new SymmetricCrypto(SymmetricAlgorithm.AES, key);
byte[] cipherBytes = HexUtil.decodeHex(secretContent);
return aes.decryptStr(cipherBytes, StandardCharsets.UTF_8);
}