--- page_title: Card encryption - Standalone Tokenization APIs product: API Reference page_source: https://juspay.io/in/docs/api-reference/docs/tokenization-apis/card-encryption-standalone-tokenization-apis llms_txt: https://juspay.io/in/docs/llms.txt product_llms_txt: https://juspay.io/in/docs/api-reference/llms.txt --- # Card Data Encryption - Standalone Tokenization APIs This script is used to **encrypt card details** and **decrypt the API response using JWE encryption** for standalone API testing. It is primarily used when calling APIs that require encrypted card data, such as[](https://juspay.io/in/docs/api-reference/docs/tokenization-apis/generate-network-token)**[Generate Token](https://juspay.io/in/docs/api-reference/docs/tokenization-apis/generate-network-token)** [](https://juspay.io/in/docs/api-reference/docs/tokenization-apis/generate-network-token)and **[Get Alt ID](https://juspay.io/in/docs/api-reference/docs/tokenization-apis/fetch-alt-id-and-cryptogram-api)** APIs. ## **Step 1: Card Data Preparation** **Prepare your card payload in JSON format:** #### Shell Code Snippet: ```shell { "cardNumber": "5555555555554444", "expMonth": "11", "expYear": "2031", "cardSecurityCode": "123" } ``` ## **Step 2: Encrypt Card Data** **Use the public key to encrypt the above payload. Here’s a simple Python script:** JWE Encryption / Decryption Script – Setup & Run GuideThis script encrypts and decrypts card payloads using **JWE (JSON Web Encryption)** with the **RSA-OAEP-256** algorithm and **A128GCM** encryption.It uses the Python library **jwcrypto** . ### Prerequisites: Make sure the following are installed. **1.Python** Python **3.8+ recommended** Check version: #### Python Code Snippet: ```python python3 --version ``` **2.Install Required Library** Install **jwcrypto** : #### python Code Snippet: ```python pip3 install jwcrypto ``` **3.Required Files** You need the following keys: **FilePurpose:** `Public Key (.pem):Used for encryption``Private Key (.pem)Used for decryption`**4. Update Key Paths in Script** Update the **Juspay** **public key path** inside the encrypt function. Replace: **recipient=loadPem** ('publickeyfilelocation') with: **recipient=loadPem** ('/path/to/publicKey.pem') --- Update the **private key path** inside the decrypt function. Replace: **loadPem** ('privateKeylocation') with: **loadPem** ('/path/to/privateKey.pem') ## **Step 3:** Script: #### python Code Snippet: ```python from jwcrypto import jwk, jwe import json def encrypt(payload): payload = json.dumps(payload) protected_header = { "alg": "RSA-OAEP-256", # Encryption algorithm "enc": "A128GCM", # Content encryption algorithm "kid": "2218168c-ee6b-49d7-a851-8b94e7d0068d" } jwetoken = jwe.JWE(payload.encode('utf-8'), recipient=loadPem('publickeyfilelocation'),# Add juspay public key protected=protected_header) encryptedPayload = jwetoken.serialize(compact=True) return json.dumps({"encData": encryptedPayload}) def loadPem(filePath): # Load a PEM file from a given path with open(filePath, "rb") as pemfile: return jwk.JWK.from_pem(pemfile.read()) def decrypt(encPayload): if type(encPayload) is str: payload = json.loads(encPayload) if payload.get('encData', False): jwetoken = jwe.JWE() jwetoken.deserialize(payload["encData"], key=loadPem('privatekeyfilelocation'))# Add Juspay merchant's private key return json.dumps(json.loads(jwetoken.payload)) return encPayload if __name__ == "__main__": # Encrypt the payload encrypted_data = encrypt('{"cardNumber":"5186001700008785","expMonth": "07","expYear": "2027","cardSecurityCode":"123"}') print("Encrypted data:", encrypted_data) # Decrypted_data the payload decrypted_data = decrypt('{"encData": "eyJhbGciELsnfczgqhZIOM4sz-avv932ZNiKm-G4GEOE_bF_b6QSqiDRn5JzppqNC3kQCRaEQgzZMnir17TK2Z386aF82rfKVaADJl-xGrsRC9dJAAsKomrdwOykkNwonaag9isL8P5EYVhsqY9jCpWzqv4WgwZ5MaMqRvXLj6ju02_m4-n46vpPf01fYYiHTzkb6v9N_W2bTA0-g0eSUi1AUxhhxM9oGwvg5O-tzDB8Z0EW3NQp7Ao-"}') print("Decrypted data:", decrypted_data) ``` ## Download Juspay Public Key Use the following public keys to **encrypt card details before sending requests to Juspay APIs** . ### Sandbox Download the **[Juspay Sandbox Public Key](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/api-reference/sandbox-public-key-kz3yl.pem)** for testing environments. ### Production Download the **[Juspay Production Public Key](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/api-reference/juspay_public_prod-4V3nX.pem)** for production environments. > **Note** > Please download the **private key** from the **respective merchant’s dashboard** . The private key is required to **decrypt the encrypted API response** generated by Juspay. > > ![Image](https://dth95m2xtyv8v.cloudfront.net/tesseract/assets/api-reference/Screenshot%202026-03-11%20at%205.29.46%E2%80%AFPM.png) > *Merchant’s Dashboard* > > > > You can download the key from the following location in the merchant dashboard: > > **Path:** `Settings → Security → RSA Keys` --- ## See Also - [Glossary](https://juspay.io/in/docs/api-reference/docs/direct-otp/glossary) - [Generate Network Token](https://juspay.io/in/docs/api-reference/docs/tokenization-apis/generate-network-token)