Download OpenAPI specification:Download
Enigma Vault encrypts and tokenizes data of all shapes and sizes. Enigma Vault provides the following services:
To get started, head on over to our AWS Marketplace page and select one of our offerings. Once you have credentials, feel free to use the PostMan app or our Swagger UI.
When a card is stored in the vault, the original card information is not retrievable by the client without the cardvault_raw scope (contact support). The CVV's ttl is set to the same ttl as the card unless the card is stored permanently. If the card is stored permanently, the CVV's ttl is set to 30 minutes. The CVV should be deleted immediately after transacting (see the /cardvault/cards/cvv DELETE endpoint). After the CVV's ttl, it automatically gets deleted. After the card's ttl, the card is deleted. To make the card permanent, leave out the ttl property. The full card number can be used through the proxy endpoint. You can get the first six, the last four, full name, and expiration from /cardvault/cards (GET).
| preserveFormat | boolean If true, a Luhn passable token is returned consisting of the original first six and last four. |
| x-api-version required | string Default: 1.11 The requested API version |
Card information.
| ccn required | string <credit-card> non-empty ^\d+$ Card number. |
| fullName required | string [ 2 .. 30 ] characters Full name located on the card. |
| expMonth required | integer <int32> [ 1 .. 12 ] Expiration month. |
| expYear required | integer <int32> ^\d{4}$ Expiration year. |
| cvv | string or null^\d{3}$|^\d{4}$ Card verification value (security code). This value is not stored permanently. |
| cardType required | string [ 1 .. 30 ] characters Type of card (amex, diners_club_carte_blanche, diners_club_international, jcb, laser, visa_electron, visa, mastercard, discover, dankort, maestro, uatp, mir). |
| cvvTtl required | integer <int32> [ 0 .. 1800 ] Remaining ttl before the CVV gets deleted. |
| ttl | integer or null <int32> [ 60 .. 1800 ] The card's time to live in seconds. Once expired the card is deleted from the vault. |
| referenceId | string or null [ 1 .. 128 ] characters Customer or other internal reference identifier |
{- "ccn": "4111111111111111",
- "fullName": "Edward E Nigma",
- "expMonth": 12,
- "expYear": 9999,
- "cvv": "123",
- "cardType": "visa",
- "cvvTtl": 60,
- "ttl": 1800,
- "referenceId": "1234567ABCD"
}{- "token": "81524853-1a19-4bd6-9ba4-70f54dce30a2da13543e-6b8e-4fa9-9af5-ef8c1e4aae87"
}Provides card data. The first six and the last four are included in the response. The ttl values represent the time remaining in seconds until that item is purged. the original card information is not retreivable by the client without the cardvault_raw scope (contact support). If you have the proper scope, use the cardvault/raw/cards endpoint.
| ephemeralKey | string <uuid> Expiring key for temporary access. |
| cardToken | string [ 13 .. 72 ] characters Card token. |
| referenceId | string [ 1 .. 128 ] characters Customer or other internal app reference. |
| x-api-version required | string Default: 1.11 The requested API version |
[- {
- "firstSix": "411111",
- "lastFour": "1111",
- "ccn": "4111111111111111",
- "expMonth": 12,
- "expYear": 9999,
- "fullName": "Edward E Nigma",
- "cardType": "visa",
- "token": "string",
- "cvvTtl": 60,
- "ttl": 60
}
]Returns an empty 204 response on success.
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
{ }Special endpoint to retreive raw card data. It can only be used with the cardvault_raw scope.
| ephemeralKey | string <uuid> Expiring key for temporary access. |
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "ccn": "4111111111111111",
- "fullName": "Edward E Nigma",
- "expMonth": 12,
- "expYear": 9999,
- "cvv": "123",
- "cardType": "visa",
- "cvvTtl": 60,
- "ttl": 1800,
- "referenceId": "1234567ABCD"
}The ephemeralKey is a one time transaction use expiring key that allows an external client to use a temporary card token. The token guid, tokenGuid, is used wherever a token is normally used. The destinationClientId is a valid Enigma Vault clientId of the destination app. The time to live (ttl) is in seconds.
| destinationClientId required | string Enigma Vault client granted use of the ephemeralKey. |
| ttl | integer <int32> [ 60 .. 1800 ] Time to live in seconds, max of 1800 seconds. This is only applicable when the card has a ttl of 0 (permanent). Otherwise the ephemeralKey ttl is set to the card ttl. |
| cardToken required | string [ 13 .. 72 ] characters Reference to the vaulted card. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "ephemeralKey": "b99b4ad0-2c32-4db8-bc03-283f420a3549",
- "tokenGuid": "6a0a72b6-07c0-422f-9829-81a41809163a"
}The card's time to live in seconds. Once expired the card is deleted from the vault. If -1, the card lives forever until manually deleted.
| ephemeralKey | string <uuid> Expiring key for temporary access. |
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "cvvTtl": 1800,
- "ttl": 1800
}Adjusts the time (seconds) until deletion. Additional time cannot be added to the CVV's ttl.
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
New card ttl value.
| ttl required | integer <int32> [ 60 .. 1800 ] The card's time to live in seconds. Once expired the card is deleted from the vault. If -1, card lives forever until manually deleted. |
{- "ttl": 1800
}{ }Returns an empty 204 response on success.
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
{ }This endpoint allows you to use a stored card without touching the card data. Simply follow the documentation provided by your payment/gateway processor. When finished transacting, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint.
| ephemeralKey | string <uuid> Expiring key for temporary access. |
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
Payment info for the designated gateway / processor.
| amount required | number <double> |
| configId required | string non-empty Configuration Id from the saved configuration with the developer portal. |
| currency | string or null Currency code. |
| address | string or null Card holder address. |
| address2 | string or null Card holder address 2. |
| city | string or null Card holder city. |
| stateProvince | string or null Card holder state or province. |
| country | string or null Card holder country. |
| zipPostal | string or null Card holder zip or postal code. |
| company | string or null Your company name. |
| customerID | string or null CustomerID can be used with most processors but the length and format differ. |
| description | string or null Description of the transaction. |
string or null Card holder email address. | |
| orderID | string or null A reference ID for the order. |
| terminalNumber | integer <int32> Number of the terminal. |
| testMode | boolean Set to true to utilize the sandbox gateway (where applicable). |
| referrer | string or null Sets the value of the referrer HTTP header which is required and validated by some payment systems prior to accepting the transaction. This value must match with the value set in the payment system's admin settings. |
| transactionID | string or null Reference ID up to 20 characters for Authorize and Sale transactions, and when working with profile. For PostAuthorize, Refund (credit) and Void, the TransactionID must set to the transaction ID of a transaction previously authorized by the gateway. |
| transactionType | string or null Supports Sale, Authorize, PostAuthorize (Settle), Void, Refund (Credit) and Force. For PostAuthorize, Void and Refund, TransactionID should be set to the transaction id of the original charge. |
| authCode | string or null Populates the return Authorization_Num value which is used when processing a PostAuthorize, refund or Void of the original transaction. |
| agentBankNumber | integer <int32> A 6-digit number contains an agent number assigned by the signing member or processor. |
| agentChainNumber | integer <int32> A 6-digit number contains a merchant chain identification number assigned by the signing member or processor. |
| merchantName | string or null The merchant name as provided by the signing member or processor. (up to 25 characters) If the property is set to a value more than 25 characters |
| merchantCity | string or null The merchant location/city provided by the signing member or processor. |
| merchantPhone | string or null Customer Service Phone Number |
| merchantState | string or null The merchant state/province code provided by the signing member or processor.(2-character) |
| merchantZipPostal | string or null Within the United States, the 5 or 9-character numeric zip code of the address of the store location is used. Outside the United States, this property is assigned by the signing member or processor. |
| merchantCountry | string or null Merchant country code |
| storeNumber | integer <int32> 4 digit store number |
| merchantEmail | string or null Merchant email |
| merchantUrl | string or null Merchant url |
| accountID | string or null Account ID |
{- "amount": 0,
- "configId": "string",
- "currency": "string",
- "address": "string",
- "address2": "string",
- "city": "string",
- "stateProvince": "string",
- "country": "string",
- "zipPostal": "string",
- "company": "string",
- "customerID": "string",
- "description": "string",
- "email": "string",
- "orderID": "string",
- "terminalNumber": 0,
- "testMode": true,
- "referrer": "string",
- "transactionID": "string",
- "transactionType": "string",
- "authCode": "string",
- "agentBankNumber": 0,
- "agentChainNumber": 0,
- "merchantName": "string",
- "merchantCity": "string",
- "merchantPhone": "string",
- "merchantState": "string",
- "merchantZipPostal": "string",
- "merchantCountry": "string",
- "storeNumber": 0,
- "merchantEmail": "string",
- "merchantUrl": "string",
- "accountID": "string"
}{- "authCode": "string",
- "transactionID": "string",
- "responseCode": 0,
- "referenceNumber": "string",
- "avsCode": "string",
- "errorCode": "string",
- "errorMessage": "string"
}This endpoint allows you to use a stored card without touching the card data. Build out the request meant for the upstream url and then use the following placeholders to have the endpoint populate them with card data: ${ccn}, ${cvv}, ${fullName}, ${lastName}, ${firstName}, ${cardType}, ${mm}, ${yy}, and ${yyyy}. Supports GET/PUT/POST/DELETE. When finished transacting, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint.
| ephemeralKey | string <uuid> Expiring key for temporary access. |
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
Token and gateway information.
| url required | string <uri> non-empty URL to use on the payment gateway request. |
| httpMethod required | string non-empty ^GET$|^PUT$|^POST$|^DELETE$/i HTTP method to use on the payment gateway request. |
Array of objects or null (HeadersModel) Headers to use on the payment gateway request. | |
| body | string or null Body to use on the payment gateway request. |
{- "httpMethod": "POST",
- "headers": [
- {
- "name": "Content-type",
- "value": "application/json"
}
], - "body": "{\"createTransactionRequest\":{\"merchantAuthentication\":{\"name\":\"XXXXXXXXX\",\"transactionKey\":\"XXXXXXXXXXX\"},\"refId\":\"123456\",\"transactionRequest\":{\"transactionType\":\"authOnlyTransaction\",\"amount\":\"5.50\",\"payment\":{\"creditCard\":{\"cardNumber\":\"${ccn}\",\"expirationDate\":\"${yyyy}-${mm}\",\"cardCode\":\"999\"}},\"billTo\":{\"firstName\":\"${firstName}\",\"lastName\":\"${lastName}\",\"company\":\"Souveniropolis\",\"address\":\"14 Main Street\",\"city\":\"Pecan Springs\",\"state\":\"TX\",\"zip\":\"44628\",\"country\":\"USA\"}}}}"
}{- "headers": [
- {
- "name": "Content-type",
- "value": "application/json"
}
], - "statusCode": 200,
- "contentType": "application/json",
- "body": "{\"transactionResponse\":{\"responseCode\":\"1\",\"authCode\":\"AKXD8T\",\"avsResultCode\":\"Y\",\"cvvResultCode\":\"P\",\"cavvResultCode\":\"2\",\"transId\":\"60159519275\",\"refTransID\":\"\",\"transHash\":\"\",\"testRequest\":\"0\",\"accountNumber\":\"XXXX1111\",\"accountType\":\"Visa\",\"messages\":[{\"code\":\"1\",\"description\":\"This transaction has been approved.\"}],\"transHashSha2\":\"\",\"SupplementalDataQualificationIndicator\":0,\"networkTransId\":\"0V3X5LPO079GCBFQM2B348D\"},\"refId\":\"123456\",\"messages\":{\"resultCode\":\"Ok\",\"message\":[{\"code\":\"I00001\",\"text\":\"Successful.\"}]}}"
}The card store form allows your app to store and later use customer card data without touching it. After the cardTtl expires, the card is deleted. If the user decides to save the card, the card is stored permanently. If you're seeking to permanently store the card outside of a transaction (wallet style), set walletSave to true. When finished transacting, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint. If you set walletSave to true, the buttonText and cardTtl are overriden. If walletSave is true the CVV isn't requested. If you intend to use the card in a transaction within 30 minutes, set walletSave to false. On callback, your app will receive via POST the card token within the parameter eVtoken. If the customer chooses to cancel or if the form timeouts, the evException parameter will contain the reason. For cancels, evException's value will be 'cancel'. For timeouts, evException's value will be 'timeout'. If embedFormForControl is set to true, pass 'submit' as a message over to the iframe to submit the form. On response, the parent will receive an object that consists of the status, the token, and CardModel object. There are multiple ways to integrate the card store form. You can use it within a popup, redirect, simple iframe, or iframe where the parent page has control to submit the form. You can find example code for the advanced iframe integration on GitHub.
| showTimer required | boolean Show or hide the timer. |
| showCard required | boolean Show or hide the card visual. |
| walletSave required | boolean Make true to store the card in your app's wallet. This overrides the cardTtl and buttonText values. The CVV isn't requested if true. If you intend to use the card in a transaction within 30 minutes, set walletSave to false. |
| embedFormForControl required | boolean If true, it removes its buttons and any additional padding/spacing, and enables the windows interface for 2-way comms. |
| ttl required | integer <int32> [ 60 .. 1800 ] Form session time to live in seconds. After it expires, the form can no longer be used. |
| cardTtl | integer <int32> [ 60 .. 1800 ] The card's time to live in seconds (60-1800 secs). Once expired the card is deleted from the vault. Use the /cardvault/cards/ttl endpoint to extend it. This field is required if walletSave is false. |
| preserveFormat | boolean If true, a Luhn passable token is returned consisting of the original first six and last four. |
| cardTypes | string Card types, comma delimited. Omit for any card. (amex, diners_club_carte_blanche, diners_club_international, jcb, laser, visa_electron, visa, mastercard, discover, dankort, maestro, uatp, mir). |
| callbackUrl | string <uri> URL the user is redirected to after storing the card. |
| parentUrl | string <uri> The parent page URL. The store form uses it when embedFormForControl is true to communicate with the parent window. |
| pageHeader | string [ 3 .. 35 ] characters Configurable page header. |
| css | string [ 3 .. 1024 ] characters CSS to customize the web form. |
| language | string^en|es|fr|zh-Hans|pt-BR$ Default: "en" The language to use on the form. Currently en (English), es (Spanish), fr (French), pt-BR (Portuguese-Brazil), and zh-Hans (Chinese simplified) are available. |
| submitButtonText | string [ 0 .. 20 ] characters Default: "Save" Text of the submit button. |
| referenceId | string [ 1 .. 128 ] characters Customer or other internal app reference. |
| x-api-version required | string Default: 1.11 The requested API version |
{
}The CVV store form allows your app to temporarily store the CVV until you're finished transacting. When finished, delete the CVV by using the /cardvault/cards/cvv DELETE endpoint. The CVV ttl is set to the card's ttl. If the card has a ttl of -1, the CVV ttl will be set to 1800 seconds. If autoSave is true, the callback will not trigger so the client app will need to verify the cvv ttl for its existence. There are multiple ways to integrate the cvv form. You can use it within a popup, redirect, simple iframe, (previous 3 can use autosave) or iframe where the parent page has control to submit the form. You can find example code for the advanced iframe integration on GitHub.
| showTimer required | boolean Show or hide the timer. |
| showCancelButton required | boolean Show or hide the cancel button. |
| autoSave required | boolean If true, the buttons and header are removed, and cvv will be autosaved after user entry. The callback will not trigger so the client app will need to verify the cvv ttl for its existence. |
| embedFormForControl required | boolean If true, it removes its buttons and any additional padding/spacing, and enables the windows interface for 2-way comms. |
| callbackUrl | string <uri> URL the user is redirected to after storing the card. |
| parentUrl | string <uri> The parent page URL. The store form uses it when embedFormForControl is true to communicate with the parent window. |
| pageHeader | string [ 3 .. 35 ] characters Configurable page header. |
| css | string [ 3 .. 1024 ] characters CSS to customize the web form. |
| language | string^en|es|fr|zh-Hans|pt-BR$ Default: "en" The language to use on the form. Currently en (English), es (Spanish), fr (French), pt-BR (Portuguese-Brazil), and zh-Hans (Chinese simplified) are available. |
| submitButtonText | string [ 0 .. 20 ] characters Default: "Submit" Text of the submit button. |
| cardToken required | string [ 13 .. 72 ] characters Card token. |
| x-api-version required | string Default: 1.11 The requested API version |
{
}| cultureCode | string ISO 639-1 (language) and ISO 3166-1 (country) code. |
| x-api-version required | string Default: 1.11 The requested API version |
[- {
- "cultureCode": "en-US",
- "cultureName": "English (United States)",
- "currencySymbol": "$"
}
]Supports up to 5,000 plaintext objects per request. Plaintext strings must be less than 1000 characters in length. The customIdentifier attribute ties your unencrypted data to the tokens. The customIdentifier is not stored within the vault.
| deterministicToken | boolean Returns a deterministic token instead of an arbitrary/unique token |
| x-api-version required | string Default: 1.11 The requested API version |
Your secrets to vault.
| plaintext required | string [ 1 .. 1000 ] characters Secret text to vault. |
| customIdentifier | string or null [ 0 .. 100 ] characters Client provided identifier tying the tokens back to some other client data. |
[- {
- "plaintext": "Super secret info",
- "customIdentifier": "123"
}
][- {
- "token": "81524853-1a19-4bd6-9ba4-70f54dce30a2da13543e-6b8e-4fa9-9af5-ef8c1e4aae87",
- "customIdentifier": "123"
}
]The ephemeralKey is a one time use expiring key that allows an external client to obtain the token's secret. To generate one, use the datavault/secrets/ephemeralKey endpoint.
| token required | string [ 72 .. 120 ] characters Reference to the vaulted secret. |
| ephemeralKey | string <uuid> One time use expiring key. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "plaintext": "Super secret info"
}Exact matches will only be returned and is case sensitive. This endpoint will not return a deterministic token.
| x-api-version required | string Default: 1.11 The requested API version |
Text to search within the vault. Exact matches will only be returned and is case sensitive.
| plaintext required | string [ 1 .. 1000 ] characters Secret text. |
{- "plaintext": "Super secret info"
}[- {
- "token": "81524853-1a19-4bd6-9ba4-70f54dce30a2da13543e-6b8e-4fa9-9af5-ef8c1e4aae87"
}
]The ephemeralKey is a one time use expiring key that allows an external client to obtain the token's secret. The destinationClientId is a valid Enigma Vault clientId of the destination app. The time to live (ttl) is in seconds. This endpoint does not currently work with deterministic tokens.
| token required | string = 72 characters Reference to the vaulted secret. |
| destinationClientId required | string Enigma Vault client granted use of the ephemeralKey. |
| ttl required | integer <int32> [ 1 .. 300 ] Time to live in seconds, max of 300. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "ephemeralKey": "b99b4ad0-2c32-4db8-bc03-283f420a3549",
- "tokenGuid": "6a0a72b6-07c0-422f-9829-81a41809163a"
}The url is used to upload (PUT) a file into the vault. The url has an exipration of five minutes. The file size cannot exceed 5 gigabytes. A websocket url is provided so that the status of the file can be tracked in realtime.
| contentType required | string [ 3 .. 255 ] characters The MIME type associated with the file. |
| fileExtension required | string^[0-9a-zA-Z]{1,10}$ The file extension without the leading . |
| x-api-version required | string Default: 1.11 The requested API version |
{- "fileName": "b99b4ad0-2c32-4db8-bc03-283f420a3549.pdf",
- "wsUrl": "wss://filestatus-api.enigmavault.io?fileName=b99b4ad0-2c32-4db8-bc03-283f420a3549.pdf&sessionId=abcdefg"
}This endpoint has been deprecated because the file status is now provided through a websocket API.
| fileName required | string^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]... Tokenized file name. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "fileStatus": "string"
}The url is used to download the file out of the vault. The url has an exipration of five minutes. When aSync is set to true for large files, a websocket API url is returned so that the file status can be monitored in real time. When the file is finished decrypting, the download url is provided through the websocket connection.
| fileName required | string^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]... Tokenized file name. |
| aSync required | boolean Set to true to decrypt large files; you'll use the websocket API for notifications. |
| ephemeralKey | string <uuid> One time use expiring key. |
| x-api-version required | string Default: 1.11 The requested API version |
{
}On successful deletion, a 204 response is returned.
| fileName required | string^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]... Tokenized file name. |
| x-api-version required | string Default: 1.11 The requested API version |
The ephemeralKey is a one time use expiring key that allows an external client to obtain a download url. The destinationClientId is a valid Enigma Vault clientId of the destination app. The time to live (ttl) is in seconds.
| fileName required | string^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]... Tokenized file name. |
| destinationClientId required | string Enigma Vault client granted use of the ephemeralKey. |
| ttl required | integer <int32> [ 1 .. 300 ] Time to live in seconds, max of 300. |
| x-api-version required | string Default: 1.11 The requested API version |
{- "ephemeralKey": "b99b4ad0-2c32-4db8-bc03-283f420a3549",
- "tokenGuid": "6a0a72b6-07c0-422f-9829-81a41809163a"
}