Client-Side Encryption with Braintree.js
Braintree.js offers the simplest and most performant integration with Braintree. Sensitive data is encrypted by the Braintree.js library in your customer’s browser before being sent to your server. This means your customer can complete their sale with only one HTTPS request, which leads to faster page loads and more customers completing their purchases. Additionally, encrypting data in your customer’s browser prevents sensitive data from ever residing on your server - enabling you to easily achieve PCI compliance and provide ironclad security.
With Braintree.js you also have full flexibility when implementing your payment form - submitting your payment form with AJAX is a breeze. Finally, Braintree.js enables you to use the same server-side code for customers making purchases in the browser and on mobile platforms.
How It Works
Client-Side Encryption allows you to encrypt sensitive payment information for processing by the Braintree payment gateway. It is designed for use in conjunction with Braintree’s client libraries. The encryption libraries will take data (usually submitted through a form on a mobile device or merchant-hosted website) and encrypt it using the public key of an asymmetric key pair. On your server, you will use our client library to send the encrypted data to the Braintree Gateway. Once encrypted, the data may only be decrypted using the private key stored on the Braintree gateway. When encrypted data is transmitted to the Braintree gateway, it is decrypted and processed as usual.
Which Fields to Encrypt
You should encrypt any potentially sensitive information related to customer payment methods, including:
- credit card number
- expiration date
Whether the client is an iOS/Android mobile application or a web browser, it has the following minimum requirements:
- gets user input (typically via a form)
- uses the Braintree client-side encryption library to encrypt sensitive user input
- forwards the encrypted data to the merchant server via an HTTPS request
The server acts as a middleman between the client application and the Braintree gateway:
- receives encrypted user input from the client application
- forwards encrypted requests to the Braintree gateway via one of the Braintree client libraries
- returns response information from the gateway to the client application
Encrypted parameters are handled exactly the same as unencrypted parameters in the client libraries. To see an example of how to pass parameters to the Braintree gateway, see the client library documentation for the library of your choice: