Card Public Key

API data

API Gateway
This API is used for payment gateway operations:

Get RSA public key

Returns the RSA public key for the authenticated client, used to encrypt sensitive card data on the frontend.

GET /v1/cards/public-key

Via REST request without a body:

Request
GET /v1/cards/public-key
Authorization: Bearer {your_token}

PROPERTY	DESCRIPTION	TYPE	LOCATION	REQUIRED
Authorization	API authentication token	string	header	yes

The process to obtain the RSA public key follows these steps:

Client request: The authenticated client calls /v1/cards/public-key.
Key generation/retrieval: The system generates (or retrieves) an RSA private key linked to the client.
Public key returned: The corresponding public key is returned for use in encrypting card data.

Success response
{
  "key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA..."
}

PROPERTY	DESCRIPTION	TYPE
key	RSA public key in PEM format for encrypting card data	string

CODE	DESCRIPTION
401	Not authenticated
400	Error generating or retrieving key
500	Internal error

The public key should be used to encrypt card data before sending it to the following payment routes:

Get the public key: Call this endpoint before starting the payment flow.
Encrypt the data: Use the public key to encrypt sensitive card data on the frontend.
Send the payment: Use the encrypted data in the payment routes listed above.

Security

RSA encryption ensures sensitive card data is protected during transmission, following best practices for online payments.

For questions or issues, visit the support section in Sopague.