Overview

The Encryption class provides utilities for encrypting payment parameters before sending them to Flutterwave. This is a critical security feature that protects sensitive customer data during transmission.
Always encrypt payment parameters containing sensitive information such as card details, PINs, and account numbers.

Class: Encryption

Method: encryptParameters(JSONObject params)

Encrypts payment parameters for standard transactions.

Parameters:
  • params: JSONObject containing the payment parameters to encrypt

Returns: String - Base64-encoded encrypted message

Automatic Additions:
  • Automatically adds PBFPubKey to the parameters

Method: encryptParametersPreAuth(JSONObject params)

Encrypts parameters specifically for pre-authorization transactions.

Parameters:
  • params: JSONObject containing the pre-auth parameters to encrypt

Returns: String - Base64-encoded encrypted message

Core Encryption Functions

getKey(String seedKey)

Generates an encryption key from your secret key.

Parameters:
  • seedKey: Your Flutterwave secret key

Returns: String - Generated encryption key

This method is called internally by encryptParameters() and encryptParametersPreAuth(). You typically don’t need to call it directly.

encryptData(String message, String encryptionKey)

Encrypts data using Triple DES (3DES) encryption.

Parameters:
  • message: The stringified JSON data to encrypt
  • encryptionKey: The encryption key generated by getKey()

Returns: String - Base64-encoded encrypted data

Encryption Details:
  • Algorithm: DESede (Triple DES)
  • Mode: ECB
  • Padding: PKCS5Padding

Usage Example

Security Best Practices

Never log or display encrypted data in production environments. This example prints the encrypted message for demonstration purposes only.

Do’s

  • Always encrypt sensitive payment data before transmission
  • Store your secret key securely (use environment variables)
  • Use HTTPS for all API communications
  • Validate and sanitize input data before encryption
  • Rotate your API keys periodically

Don’ts

  • Never hardcode API keys in your source code
  • Don’t log unencrypted sensitive data
  • Don’t share encryption keys across different environments
  • Avoid storing unencrypted PINs or card details
  • Never expose your secret key in client-side code

The library automatically includes your public key (PBFPubKey) in the encrypted payload. You don’t need to add it manually to the params object.

When to Use Encryption

Encrypt your parameters when:
  • Charging cards with PIN
  • Processing account payments with sensitive data
  • Handling direct debit transactions
  • Submitting pre-authorization requests
  • Any transaction requiring customer authentication

Technical Details

Encryption Process

  1. Key Generation: The getKey() method creates a 24-byte encryption key from your secret key using MD5 hashing
  2. Data Preparation: Payment parameters are converted to a JSON string
  3. Encryption: Data is encrypted using Triple DES in ECB mode with PKCS5 padding
  4. Encoding: Encrypted bytes are Base64-encoded for safe transmission
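
The four steps above as a stand-alone Java example, added here and not the library's own code: deriveKey is an assumed stand-in for getKey() (the page does not show the exact derivation), and the class name, helper names, secret and JSON payloads are constructed. It prints only comparison results, showing that ECB output is repeatable and that payloads with a common prefix share their leading cipher blocks.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;

public class TripleDesEcbDemo {
    // Assumed stand-in for getKey(): first 24 hex characters of MD5(seedKey).
    // The library's exact derivation is not shown on the page.
    static String deriveKey(String seedKey) throws Exception {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(seedKey.getBytes(StandardCharsets.UTF_8));
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.substring(0, 24);
    }

    // Steps 3 and 4: DESede/ECB/PKCS5Padding, then Base64.
    static String encrypt(String message, String key) throws Exception {
        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE,
                new SecretKeySpec(key.getBytes(StandardCharsets.UTF_8), "DESede"));
        byte[] out = cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(out);
    }

    // Counts identical leading 8-byte cipher blocks in two Base64 ciphertexts.
    static int sharedLeadingBlocks(String c1, String c2) {
        byte[] x = Base64.getDecoder().decode(c1), y = Base64.getDecoder().decode(c2);
        int n = 0;
        while ((n + 1) * 8 <= Math.min(x.length, y.length)
                && Arrays.equals(Arrays.copyOfRange(x, n * 8, n * 8 + 8),
                                 Arrays.copyOfRange(y, n * 8, n * 8 + 8))) n++;
        return n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a real secret key comes from the environment.
        String key = deriveKey("constructed-sample-secret");
        // Step 2 is represented by already-stringified JSON (constructed).
        String a = "{\"amount\":\"100\",\"pin\":\"0000\",\"txRef\":\"order-1\"}";
        String b = "{\"amount\":\"100\",\"pin\":\"0000\",\"txRef\":\"order-2\"}";
        String ca = encrypt(a, key), cb = encrypt(b, key);
        // ECB uses no IV: the same payload always yields the same ciphertext.
        System.out.println("repeatable: " + ca.equals(encrypt(a, key)));
        // Payloads with a common prefix share their leading cipher blocks.
        System.out.println("shared leading blocks: " + sharedLeadingBlocks(ca, cb));
    }
}
```

Because the ciphertext is deterministic, two logged or captured payloads can be compared without the key, which is why the logging and HTTPS rules on this page apply to the encrypted message as well as the plaintext.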

Algorithm Specifications

  • Hash Algorithm: MD5 (for key derivation)
  • Encryption Algorithm: 3DES (Triple DES)
  • Key Length: 168 bits (24 bytes)
  • Block Cipher Mode: ECB
  • Padding: PKCS5
  • Encoding: Base64

The encryption implementation complies with Flutterwave’s security requirements and is designed to protect data in transit.