Sending Card Data

Overview

There are two broad options for sending card data to Knot when integrating the CardSwitcher product. The first option is to send the card data in JSON to a secure endpoint, and the second is to send the card data encrypted as a JWE using a public key.

Neither option is more or less secure than the other. Both maintain strict handling of the card data to comply with PCI guidelines, and both are valid options for sending card data to Knot.

Option 1

This option is often chosen by those integrating with Knot that already have a vault set up with a PCI-compliant vendor such as Very Good Security (VGS) or Basis Theory.

  1. Set up a route to Knot's Switch Card endpoint from the vault that stores card data at your PCI-compliant vendor.
  2. When you receive the authenticated webhook, make a request to the vault.
  3. The vault provider will send the necessary card data to Knot's Switch Card endpoint in JSON.
  4. Knot receives the card data at the aforementioned endpoint. This endpoint is controlled by Knot's PCI-compliant vendor, which stores the data and proxies it to Knot via an alias. Card data is never processed or stored outside PCI-compliant vendor environments.

After card data is used for a card switch, it is explicitly deleted from the PCI-compliant vendor's vault within milliseconds.

You can also request to enable Mutual Transport Layer Security (mTLS) for the Switch Card endpoint as an additional security measure if desired.

VGS 1-Click Route Setup

This section may be relevant if you already use or plan to use VGS as your vault provider to store card data.

Knot partners with VGS (a PCI-compliant vendor) to streamline the process of sending card data in a PCI-compliant manner as part of your integration with Knot.

Within your VGS account online, you can set up an outbound route to Knot's Switch Card endpoint. VGS specifies how to set up an outbound connection to a 3rd party (in this case Knot) here. Doing so will allow you to automatically route card data stored in your VGS vault to Knot. To make this process even easier, in the "Addons" section of your vault in your VGS account online, you will find a set of "route templates." You can search for and select the "KnotAPI" route template to get started.

Option 2

In this option, you encrypt the JSON payload of card data in JWE format prior to sending it to Knot.

  1. Get a JWE public key from Knot's Retrieve JWK endpoint.
  2. Encrypt the JSON string payload of the card data with the JWE public key (referenced here).
  3. Send the encrypted payload to Switch Card (JWE).
  4. Knot sends the encrypted data (the JWE) to a PCI-compliant vendor's environment.
  5. Knot receives an alias associated with the encrypted card data.
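
The client-side encryption in step 2, as an added example that is not Knot's own code. It assumes the retrieved JWK is an RSA key used with RSA-OAEP-256 and A256GCM, which this page does not specify; the key pair, `kid` and card field names are constructed for the demo, and a maintained JOSE library would normally replace the hand-built serialization.

```javascript
const crypto = require('node:crypto');
const b64u = (buf) => Buffer.from(buf).toString('base64url');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt a JSON payload into a JWE compact string for an RSA public JWK.
// Assumed algorithms (not stated on this page): RSA-OAEP-256 + A256GCM.
function encryptCardPayload(payload, jwk) {
  if (jwk.kty !== 'RSA') throw new Error('expected an RSA JWK');
  if (jwk.use && jwk.use !== 'enc') throw new Error('JWK is not an encryption key');
  if (jwk.d) throw new Error('refusing a JWK that carries private key material');

  const header = { alg: 'RSA-OAEP-256', enc: 'A256GCM' };
  if (jwk.kid) header.kid = jwk.kid; // lets the receiver pick the matching private key
  const protectedB64 = b64u(JSON.stringify(header));

  const cek = crypto.randomBytes(32); // fresh content-encryption key per message
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce
  const rsaKey = crypto.createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const encryptedKey = crypto.publicEncrypt({ key: rsaKey, ...OAEP }, cek);

  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  cipher.setAAD(Buffer.from(protectedB64, 'ascii')); // header is authenticated, not encrypted
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return [protectedB64, b64u(encryptedKey), b64u(iv), b64u(ciphertext), b64u(cipher.getAuthTag())].join('.');
}

// Receiver side, included only so the round trip can be checked locally.
function decryptCardPayload(jwe, privateKey) {
  const [protectedB64, ek, iv, ct, tag] = jwe.split('.');
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, Buffer.from(ek, 'base64url'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, Buffer.from(iv, 'base64url'));
  decipher.setAAD(Buffer.from(protectedB64, 'ascii'));
  decipher.setAuthTag(Buffer.from(tag, 'base64url'));
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Constructed demo: a locally generated key pair stands in for the JWK from step 1.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const demoJwk = { ...publicKey.export({ format: 'jwk' }), use: 'enc', kid: 'demo-key-1' };
const demoCard = { number: '4111111111111111', expiration: '12/2030', cvv: '123' }; // test values, hypothetical field names
const demoJwe = encryptCardPayload(demoCard, demoJwk);
console.log('JWE segments:', demoJwe.split('.').length);
```

Only the five-part compact string leaves the client; the payload stays unreadable without the private key, and any change to the header or ciphertext fails the GCM tag check on decryption.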

Like in option 1, card data is never processed or stored outside PCI-compliant vendor environments. Furthermore, after card data is used for a card switch, it is explicitly deleted from the PCI-compliant vendor's vault within milliseconds.