ACH bank account sensitive data encryption using field level JSON encryption.
The Matic REST API supports sending payment method data (bank account) securely using public key encryption. This is possible in the Create bank account service, where you need to encrypt the routing_number and account_number fields, following the Field Level Encryption (FLE) concept.
What is it?
FLE is an encryption approach that adds an additional layer of security on top of the encryption that HTTPS provides at the network level. It protects specific data throughout system processing so that only certain applications can view the contents of the payload.
Why is it important?
Field-level encryption allows your clients to securely enter sensitive information in the form and encrypt it as soon as they hit submit. The data entered remains encrypted throughout your entire application stack. This encryption ensures that only applications that need the data and have the credentials to decrypt it are able to do so.
How to do it?
To set the correct encrypted value in the account_number and routing_number fields, first get your company public key using the Generate encryption key service. The response contains an RSA public key, which you use to encrypt your data.
Examples
Depending on the language, a cryptography library may need to be installed.
In these examples, the public key is stored in a file called "key.pub".
```python
import os
import base64

from cryptography.hazmat.primitives.asymmetric import padding
from cryptography.hazmat.primitives import serialization


def encrypt(plain_text: str) -> str:
    # In this example, the public key is stored in a file called "key.pub"
    rsa_key_location = os.path.join(os.path.dirname(__file__), "key.pub")
    with open(rsa_key_location, "rb") as key_file:
        public_key = serialization.load_pem_public_key(key_file.read())
    # PKCS#1 v1.5 padding, the same scheme the other examples use
    encrypted_text = public_key.encrypt(
        plain_text.encode(), padding.PKCS1v15()
    )
    # Return the ciphertext as a base64 string
    return base64.b64encode(encrypted_text).decode()


if __name__ == "__main__":
    routing_number_encrypted = encrypt("053200983")
    account_number_encrypted = encrypt("11101010")
    print(routing_number_encrypted)
    print(account_number_encrypted)
```
```ruby
require 'openssl'
require 'base64'
require 'json'

def encrypt(plain_text)
  public_key = OpenSSL::PKey::RSA.new(File.read('key.pub'))
  # public_encrypt uses PKCS#1 v1.5 padding by default.
  # strict_encode64 returns the base64 on a single line, without the
  # line breaks that encode64 inserts.
  Base64.strict_encode64(public_key.public_encrypt(plain_text))
end

routing_number_encrypted = encrypt "053200983"
account_number_encrypted = encrypt "11101010"
print routing_number_encrypted + "\n"
print account_number_encrypted + "\n"
```
```javascript
import NodeRSA from 'node-rsa'
import fs from 'fs'

function encrypt(plain_text) {
  // In this example, the public key is stored in a file called "key.pub"
  const ENCRYPTION_KEY = fs.readFileSync("key.pub", "utf8")
  const key = new NodeRSA(ENCRYPTION_KEY)
  // PKCS#1 v1.5 padding, the same scheme the other examples use
  key.setOptions({ encryptionScheme: 'pkcs1' })
  return key.encrypt(plain_text, 'base64')
}

// This string is the value that you must put in the ciphertext field
const routing_number_encrypted = encrypt("053200983");
const account_number_encrypted = encrypt("11101010");
console.log(routing_number_encrypted);
console.log(account_number_encrypted);
```
```html
<!DOCTYPE html>
<html>
  <head>
    <title>JavaScript RSA Encryption</title>
  </head>
  <body>
    <p>
      This is a basic example with the JSEncrypt CDN. If your frontend uses
      Node.js you can install https://www.npmjs.com/package/jsencrypt.
    </p>
    <label for="inputPubKey">Public Key</label><br />
    <textarea id="inputPubKey" rows="15" cols="65"></textarea><br />
    <label for="inputData">Data to encrypt:</label><br />
    <textarea id="inputData" name="inputData" rows="15" cols="65"></textarea><br />
    <label for="inputResult">Encrypted data result:</label><br />
    <textarea id="inputResult" name="inputResult" rows="15" cols="65"></textarea><br />
    <button onclick="onSubmit()">Encrypt Data</button>
    <!-- VERSION is a placeholder: set it to the jsencrypt release you pin -->
    <script src="https://cdn.jsdelivr.net/npm/jsencrypt@VERSION/bin/jsencrypt.min.js"></script>
    <script type="text/javascript">
      function onSubmit() {
        const encrypt = new JSEncrypt();
        const inputPubKey = document.querySelector("#inputPubKey").value;
        const inputData = document.querySelector("#inputData").value;
        encrypt.setPublicKey(inputPubKey);
        const encrypted = encrypt.encrypt(inputData);
        document.querySelector("#inputResult").value = encrypted;
      }
    </script>
  </body>
</html>
```
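The following is an added example, not code from Matic: it builds a JSON body in which only routing_number and account_number are encrypted, rejects values too long for PKCS#1 v1.5 with the given key, and decrypts locally to confirm the round trip. The helper names, the flat body shape and the locally generated test key pair are assumptions; in practice the public key comes from the Generate encryption key service.

```ruby
require 'openssl'
require 'json'

# PKCS#1 v1.5 encryption adds at least 11 bytes of padding, so the largest
# plaintext is the modulus size in bytes minus 11 (245 for a 2048-bit key).
PKCS1_OVERHEAD = 11

# Encrypt one field value and return single-line base64 (no line breaks).
def encrypt_field(public_key, plain_text)
  max_len = public_key.n.num_bytes - PKCS1_OVERHEAD
  if plain_text.bytesize > max_len
    raise ArgumentError, "value is #{plain_text.bytesize} bytes, limit is #{max_len}"
  end
  [public_key.public_encrypt(plain_text)].pack('m0')
end

# Build a request body in which only the two sensitive fields are encrypted.
# Hypothetical shape: only the two field names are taken from the page.
def bank_account_payload(public_key, routing_number, account_number)
  JSON.generate(
    'routing_number' => encrypt_field(public_key, routing_number),
    'account_number' => encrypt_field(public_key, account_number)
  )
end

# Receiving-side counterpart, included only to verify the round trip locally.
def decrypt_field(private_key, b64)
  private_key.private_decrypt(b64.unpack1('m0'))
end

# Constructed test key pair standing in for the company key; the real
# private key stays with the service and is never available to the client.
TEST_KEY = OpenSSL::PKey::RSA.new(2048)
TEST_PUBLIC_KEY = TEST_KEY.public_key

if __FILE__ == $PROGRAM_NAME
  body = bank_account_payload(TEST_PUBLIC_KEY, '053200983', '11101010')
  puts body
  puts decrypt_field(TEST_KEY, JSON.parse(body)['routing_number'])
end
```

PKCS#1 v1.5 padding is randomised, so encrypting the same value twice produces different ciphertext; the encrypted fields cannot be compared to detect duplicate accounts.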