Plexy
Pay APIGate APIDashboard
Pay APIGate APIDashboard
  1. Direct Payments
  • Overview
  • Authorization
  • Webhooks
  • API Errors
  • Test Scenarios
  • Ecommerce Plugins
  • API
    • Payments
      • Overview
      • Payment Links
        • Create Payment Link
        • List Payment Links
        • Retrieve Payment Link by Order Reference
        • Cancel Payment Link
        • Retrieve Payment Link
        • Update Payment Link Expiration
        • Retrieve Payment Links Statistics
      • Reccurent Payments
        • Create Merchant-Initiated Payment
      • Direct Payments
        • Get Keys
          GET
        • Create Host-to-Host Payment
          POST
      • Transaction Management
        • Find Transaction's History by ID
        • Find Transaction by Payment Link ID
        • Find Transaction by ID
        • Find Transaction by Order reference
      • Payment Management
        • Cancel Payment
        • Capture Payment
        • Process Refund
      • Split Requests
        • Create
        • List
        • Update
        • Get By Id
        • Delete
      • Settlement Payment Order
        • Create
        • Get by id
        • List
    • Payouts
      • Retrieve Payout Transactions
      • Process Payout
      • Save Card for Payouts
    • Customers
      • Get Customer's Card Tokens
      • List Customers
      • Create Customer
      • Get Customer by ID
      • Get Customer's Transactions
    • Merchants
      • Payment Beneficiary
        • Create
        • Update
        • Gey By Id
        • List
        • Transfer from beneficiary balance to merchant balance
        • Create manual settlement for beneficiary
      • Retrieve Merchant's Details
  • Client SDK
    • Server flow
      • Advanced server flow
      • Session server flow
    • Web
      • Web Drop-in
      • Web Components
    • Flutter
      • Flutter Drop-in
      • Flutter Components
  • Schemas
    • Schemas
      • response.TransactionList
      • entity.SplitRequest
      • entity.PaymentBeneficiary
      • request.CreatePaymentBeneficiary
      • entity.SettlementPaymentOrder
      • entity.PayoutRequest
      • entity.PayoutRequestRowData
      • command.HandleThreeDResult
      • domain.Report
      • entity.CardSaveSessionCustomer
      • entity.Permission
      • entity.UserProfile
      • entity.UserRole
      • errors.Message
      • errors.Source
      • errors.Type
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-domain_Report
      • git_plexypay_com_ecom_back_api_internal_domain_view.Page-entity_UserProfile
      • git_plexypay_com_ecom_back_api_internal_platform_errors.Code
      • models.CSVApiRequest
      • models.CreateBussinessDetails
      • models.KeyResponse
      • models.OnboardingRequest
      • models.Transaction
      • paymentcore.Address
      • paymentcore.CustomerDetails
      • request.AuthorizePayment
      • request.BrowserDetails
      • request.CardData
      • request.ChangeUserRole
      • request.ContinueThreeDS
      • request.CreateCardSaveSession
      • request.CreateInviteSession
      • request.CreatePaymentLink
      • request.CreatePaymentLinkMetadata
      • request.HandlePayout
      • request.MerchantInitiatedPayment
      • request.PasswordRequest
      • request.Recurring
      • request.RefundPayment
      • request.SaveCard
      • request.SaveOneCustomer
      • request.TwoStepAuthorizePayment
      • request.UpdateMerchantSettingsRequest
      • request.UpdatePaymentLink
      • response.AcquirerResponseThreeDSecure
      • response.AuthorizeAndCapturePayment
      • response.AuthorizePayment
      • response.CancelPaymentResponse
      • response.CapturePaymentResponse
      • response.ContinueThreeDS
      • response.Currency
      • response.Customer
      • response.CustomerTransaction
      • response.CustomerTransactions
      • response.Customers
      • response.Error
      • response.Merchant
      • response.MerchantInitiatedPayment
      • response.MerchantSettings
      • response.PaymentLink
      • response.PaymentLinkInfo
      • response.PaymentLinkMetadata
      • response.PaymentLinksInfo
      • response.PaymentLinksStatistics
      • response.PaymentLinksStatisticsItem
      • response.Payout
      • response.Permission
      • response.RefundPaymentResponse
      • response.Report
      • response.SavedCard
      • response.Session
      • response.Settlement
      • response.SettlementTransaction
      • response.Store
      • response.Stores
      • response.Transaction
      • response.TransactionDetails
      • response.TransactionEvents
      • response.TransactionHistoryEvent
      • response.TransactionHistoryEventData
      • response.TransactionResponse
      • response.TransactionWebhookDetails
      • response.Transactions
      • response.UpdateMerchantSettingsResponse
      • response.UserProfile
      • value.PaymentMethod
    • receipt
    • Error
    • DecimalAmount
    • ProductType
    • ProductCategory
    • Product
    • Order
    • AgentBalance
    • AgentDeposit
    • TopupRequest
    • CreateOrderRequest
Pay APIGate APIDashboard
Pay APIGate APIDashboard
  1. Direct Payments

Get Keys

GET
https://api.plexypay.com/v1/keys

/keys — Card encryption key for H2H payments#

This endpoint returns a public encryption key that you must use to encrypt raw card data before initiating a host-to-host (H2H) card transaction.
It is used only as a preparatory step for H2H card payments and is not intended for tokenization, card storage, or any other purpose.

How to use the /keys endpoint for H2H transactions#

1.
Call GET /keys and obtain the current card encryption public key`.
2.
On your side (client or backend), encrypt each sensitive card field separately using the returned key.
3.
Send the encrypted values in your H2H payment request (for example, /payments), instead of raw card data.
This flow ensures that raw card data never leaves your environment in plaintext.

Card fields that must be encrypted#

You must encrypt each of the following card fields individually:
Raw fieldEncrypted field nameNotes
cardNumberencryptedCardNumberPAN (primary account number).
expiryMonthencryptedExpiryMonthTwo-digit format: "01" … "12".
expiryYearencryptedExpiryYear"YY" or "YYYY" format, as agreed in integration.
cardholderNameencryptedCardholderNameAs printed on the card, if collected.
cvvencryptedCvvCVV / CVC / security code.
Each encrypted field must contain the Base64-encoded RSA ciphertext of the corresponding raw value.

Example of final encrypted card payload#

{
  "encryptedCardNumber": "<Base64 of RSA(cardNumber)>",
  "encryptedExpiryMonth": "<Base64 of RSA(expiryMonth)>",
  "encryptedExpiryYear": "<Base64 of RSA(expiryYear)>",
  "encryptedCardholderName": "<Base64 of RSA(cardholderName)>",
  "encryptedCvv": "<Base64 of RSA(cvv)>"
}
You will typically include this object (or its fields) inside the body of your H2H payment request.

Encryption requirements#

Algorithm#

RSA

Padding mode#

PKCS#1 v1.5

Output encoding#

Take the RSA-encrypted byte array (ciphertext).
Encode it as Base64.
Send the Base64 string in the corresponding encrypted* field.
INFO
The /keys endpoint does not perform any payment or card validation.
It only provides the public key used to prepare card data for secure H2H transactions.

Request

Authorization

Responses

🟢200Success
text/plain
Body

Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request GET 'https://api.plexypay.com/v1/keys'
Response Response Example
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rd08SGThWKMdqWYUOJo
pOeQJKdH5zkpVf5UU6bM5QwGtIidXtmWvct53Ko2NKLy55GCfLKDM/Zk0KwHUUVh
tnnkZmlWuT/z7Y97jHCd3x7ZKa+dKHbdFSo1C4x3TfY9SSjkzWQFThxRj9Dqk6cb
T+K0RGNq/rbKiBgjjkebUyJTPCQrzV0e4p8zB6gjVPQk7Dm3tBDP0WUNsN/B7Rxe
j09ofuyoZ7ez55uYGRsHsMB8cErkBUd6omzMaqd5PCeYqmlW8a3puBT8F5sipv16
UZFtlEXrpK8kP/RckdG2X5ITyGo9coQNiXJuddALBWn6rNdmpZShOaA1YUMe73SM
owIDAQAB
-----END PUBLIC KEY-----
Modified at 2025-12-11 09:10:06
Previous
Direct Payments
Next
Create Host-to-Host Payment
Built with