Example Use Cases

iframe-Based Secure Tokenization/Detokenization Processing

Start by creating a Template via the ShieldConex® Manager, specifying the fields you'd like to tokenize. Below is a sample payment form. Instructions for creating a Template like this can be found in the Quickstart Guide of the Getting Started page.

Screenshot of Example Payment Form

Next, create a Proxy Configuration, again using the ShieldConex® Manager. This will extract, detokenize, and proxy the data securely. Instructions for creating a Proxy Configuration are also given in the Quickstart Guide. An example Proxy Configuration is shown below.

{
  "proxy": {
    "method": "post",
    "target": "{The target URL/IP Address}",
    "authorization": {
      "type": "passthrough"
    },
    "logSettings": {
      "requestMasks": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CCN",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.Expiry",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CVV",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.BAN",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.RTN",
          "pattern": "all"
        }
      ],
      "responseMasks": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Result.Secret",
          "pattern": "all"
        }
      ]
    }
  },
  "actions": [
    {
      "type": "shieldconex",
      "authorization": {
        "type": "basic",
        "username": "{partnerID}",
        "password": "{partnerKey}"
      },
      "templateRef": "{templateRef}",
      "method": "detokenize",
      "model": "sync",
      "substitutions": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CCN",
          "fieldName": "scx_token_card_number"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.Expiry",
          "fieldName": "scx_token_card_expiration"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CVV",
          "fieldName": "scx_token_card_verification"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.BAN",
          "fieldName": "scx_token_bank_account_number"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.RTN",
          "fieldName": "scx_token_bank_routing_number"
        }
      ]
    }
  ]
}

The client can then tokenize and retrieve sensitive data through the onToken iframe event; an example can be seen in the source code supplied below, on line 96 of the file PaymentFormScript.js. The tokens can then be read via the ShieldConex® tokenization service, using the cURL command given in the token-read.sh shell script below.

From this point on, the client will include these tokens, along with other necessary payload elements, in the data sent to the ShieldConex® Proxy. ShieldConex® then performs detokenization - seen in the given proxy-detokenize.sh shell script - and forwards the payload to the designated endpoint.

Check out the links below for the sample source code. In addition to the Payment Form example, we have included a sample User Form.

API-Based Tokenization and Detokenization Processing

For this example use case, we create a Proxy Configuration, again using the ShieldConex® Manager. This will extract, detokenize, and proxy the data securely. Instructions for creating a Proxy Configuration are also given in the Quickstart Guide. An example Proxy Configuration is shown below.

To demonstrate this, we will use Track2 data such as CCN, EXP, and CVV.

{
  "proxy": {
    "method": "post",
    "target": "{The target URL/IP Address}",
    "authorization": {
      "type": "passthrough"
    },
    "logSettings": {
      "requestMasks": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CCN",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.Expiry",
          "pattern": "all"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CVV",
          "pattern": "all"
        }
      ],
      "responseMasks": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Result.Secret",
          "pattern": "all"
        }
      ]
    }
  },
  "actions": [
    {
      "type": "shieldconex",
      "authorization": {
        "type": "basic",
        "username": "{partnerID}",
        "password": "{partnerKey}"
      },
      "templateRef": "{templateRef}",
      "method": "detokenize",
      "model": "sync",
      "substitutions": [
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CCN",
          "fieldName": "card_number"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.Expiry",
          "fieldName": "card_exp"
        },
        {
          "transformationSource": "body",
          "transformationType": "jsonpath",
          "transformationPath": "$.Card.CVV",
          "fieldName": "card_cvv"
        }
      ]
    }
  ]
}
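
The check below is an added example, not part of the ShieldConex® documentation or sample code. It reads a Proxy Configuration of the shape shown above and reports any detokenized body field that has no full mask in logSettings.requestMasks, on the assumption (taken from the key names) that those masks govern what appears in logged requests. The function names and the sample configuration, with its CVV mask deliberately left out, are constructed for illustration.

```javascript
// Added example (not ShieldConex code). Assumption from the key names:
// logSettings.requestMasks lists the body fields hidden in logged requests.

// Paths masked in full. "all" is the only pattern value shown on the page,
// so any other value is treated as not fully masked and gets reported.
function fullyMaskedPaths(masks) {
  return new Set(
    (masks || [])
      .filter((m) => m.transformationSource === "body" &&
                     m.transformationType === "jsonpath" &&
                     m.pattern === "all")
      .map((m) => m.transformationPath)
  );
}

// Every body path that a detokenize action fills with clear-text data
// should also appear among the request masks.
function findUnmaskedDetokenizedFields(config) {
  const masked = fullyMaskedPaths(config?.proxy?.logSettings?.requestMasks);
  const findings = [];
  for (const action of config?.actions || []) {
    if (action.type !== "shieldconex" || action.method !== "detokenize") continue;
    for (const sub of action.substitutions || []) {
      if (sub.transformationSource === "body" && !masked.has(sub.transformationPath)) {
        findings.push({ fieldName: sub.fieldName, path: sub.transformationPath });
      }
    }
  }
  return findings;
}

// Constructed sample: the API-based configuration with the CVV mask omitted.
const entry = (path, extra) => ({
  transformationSource: "body", transformationType: "jsonpath",
  transformationPath: path, ...extra,
});
const sampleConfig = {
  proxy: { logSettings: { requestMasks: [
    entry("$.Card.CCN", { pattern: "all" }),
    entry("$.Card.Expiry", { pattern: "all" }),
  ] } },
  actions: [{ type: "shieldconex", method: "detokenize", substitutions: [
    entry("$.Card.CCN", { fieldName: "card_number" }),
    entry("$.Card.Expiry", { fieldName: "card_exp" }),
    entry("$.Card.CVV", { fieldName: "card_cvv" }),
  ] }],
};

console.log(findUnmaskedDetokenizedFields(sampleConfig));
```

Running the same function over an exported configuration before it is deployed catches a substitution that was added without its matching mask.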

We set up a simple local server using Express and a sqlite3 database to show how this process might look in a real-world example.

First, we read the sensitive card data from a file, which we then tokenize and re-insert into the database. This "devalues" the sensitive data stored; the token and a BFID are returned for storage.

Card Data To Tokenize

The token and a BFID returned for storage

Tokens and BFIDs reinserted into the database

To emulate the billing cycle, we set up Process Payments, which retrieves the ShieldConex token and BFID from storage and sends them to the ShieldConex Proxy for detokenization. The response is proxied back to the Client.