SDKs

JavaScript SDK

You can use our JavaScript SDK to:

  • Encrypt data client-side
  • Collect or display senitive data with UI Components

Quickstart

Installation

Our JavaScript SDK is distributed from our CDN and can be loaded with a simple script tag. The SDK must be loaded directly from our CDN and cannot be bundled with your application or self hosted.

Asynchronous Loading

You can load the SDK asynchronously using the async attribute on the script tag to prevent blocking the loading of your page. However, it is important to note that you will need to wait for the SDK to load before making any API calls.

Initialize

Once loaded, you can initialize the Evervault SDK with your Team and App ID found in the Evervault Dashboard.

Full example

Pulling all of this together leaves us with the following working example. You can copy and paste the code below (using your own Team ID and App ID), run it in your own environment and run the encryption and decryption for yourself.


Reference

Evervault(appId, teamId)

Creates an instance of the Evervault SDK using your Team and App ID.

Parameters
teamIdRequired

The ID of your Evervault team. This can be found inside of your team settings on the Evervault dashboard.

appIdRequired

The ID of your Evervault app. This can be found inside of your app settings on the Evervault dashboard.

Asynchronous initialization

You can also initialize the SDK asynchronously using the init method.


evervault.encrypt(data)

Encrypts data using Evervault Encryption.

The encrypted data can be stored in your database or file storage as normal. Evervault Strings can be used across all of our Primitives. Evervault File Encryption is currently in Beta, and files can only be decrypted with Relay.

Parameters
dataRequiredString | Data | File | Blob

The data to encrypt.


evervault.decrypt(token, data)

Decrypts data previously encrypted with an Evervault SDK or Primitive.

The decrypt() function uses Client-Side Tokens. The token can be generated using our backend SDKs or through our REST API.

The payload must be the same payload that was used to create the token and expires in a maximum of 10 minutes depending on the expiry set when creating the token.


evervault.ui.card(options)

Initializes a Card UI Component. The Card component makes it easy to collect and encrypt card data in a completely PCI-compliant environment.

Arguments
options.theme

Allows you to completely customize the appearance of the component. See the Styling section for more details.

options.iconsBoolean | Record<brand, string>

If set to true, the component will display icons for the detected card brand. You can customize icons by passing an object with the brand as the key and src URL as the value.

options.autoFocusBoolean

If set to true, the component will automatically steal focus when it mounts.

options.acceptedBrandsString

When set to a value in the supported cards list, the component will be restricted to that brand.

options.fieldsString[]

Allows you to configure the fields displayed in the component. Possible values are 'name', 'number', 'expiry', and 'cvc'. By default only 'number', 'expiry' and 'cvc' will be shown.

options.translations

Allows you to customize the text shown inside of the component.

card.mount()

Mounts the component to a given DOM node.

card.on('change')

Subscribe to changes made to the component. The encrypted card details can be accessed from the payload passed to the callback.

The change event will fire any time there is a state update in the component. This includes when the user types in a field, looses focus on a field, or when an error is displayed.

Payload
card

Information about the entered card, including meta data as well as the encrypted number aned CVC.

errors{ [field]: String }

Validation errors related to the card details.

isValidBoolean

Whether or not there are any errors shown. Validation occurs as the user looses focus on a field. You can force validation to occur with the .validate method.

Note: This field represents if there are any errors shown, not if the card details are valid. You should use the isComplete field to determine if the user has successfully entered a valid card.

isCompleteBoolean

Whether or not all of the fields have been filled out successfully with valid values.

card.on('complete')

The complete event will fire once the user has successfully filled out all fields in the Card Component with valid values.

Payload
card

Information about the entered card, including meta data as well as the encrypted number aned CVC.

errors{ [field]: String }

Validation errors related to the card details.

isValidBoolean

Whether or not there are any errors shown. Validation occurs as the user looses focus on a field. You can force validation to occur with the .validate method.

isCompleteBoolean

Whether or not all of the fields have been filled out successfully with valid values.

card.on('ready')

The ready event will be fired once the component has fully loaded and is ready to be displayed. This is often used to show a loading state while the component loads.

card.on('error')

The error event will be fired if the component fails to load. If you want to respond to validation errors you should use the change event instead.

card.on('swipe')

Subscribe to swipe events from card readers. The encrypted card details can be accessed from the payload passed to the callback. The component must have focus for the card reader event to be detected.

Payload
payload

Information about the card, including meta data as well as the encrypted number.

card.update()

Update the configuration for the component after it has been initialized. Any arguments passed will be merged with the arguments passed when the component was initialized.

Arguments
options.theme

Allows you to completely customize the appearance of the component. See the Styling section for more details.

options.autoFocusBoolean

If set to true, the component will automatically steal focus when it mounts.

options.fieldsString[]

Allows you to configure the fields displayed in the component. Possible values are 'name', 'number', 'expiry', and 'cvc'. By default only 'number', 'expiry' and 'cvc' will be shown.

options.translations

Allows you to customize the text show inside of the component.

card.validate()

Manually trigger validation for the card details fields. This method is useful if you want to force validation to display error messages inside of the component. This is an asynchronous operation and will not return an immediate result. You can use the validate event to listen for the result of calling this method.

card.unmount()

Removes the component from the DOM.


evervault.ui.threeDSecure(session, options)

The ThreeDSecure component can be used in combination with the Evervault API to perform 3D Secure authentication. In order to use the ThreeDSecure component you must first create a 3D Secure session on your backend and pass it to your frontend. The component will display the 3D Secure iframe and handle the authentication process.

Arguments
sessionRequiredString

The 3D Secure session ID. A 3D Secure session can be created using the Evervault API.

options.theme

Allows you to customize the appearance of the component. See the Styling section for more details.

Note: You can't customize the appearance of the iframe content itself. This is controlled by the card issuer.

options.size{ width: string, height: string }

This size of the 3D Secure iframe. Card issuers are required to support content at 250x400, 390x400, 500x600, 600x400. The default size is 500x600.

options.failOnChallengeBoolean | () => Boolean | () => Promise<Boolean>

If set to true, the component will fail 3DS authentication when a challenge is requested and no challenge will be shown. Alternatively, you can provide a function which will be called when a challenge is requested. If the function returns true 3DS authentication will fail, if it returns false the challenge will be shown.

threeDSecure.mount(selector)

Mounts the component to the DOM. If no selector is provided the component will be rendered as a modal window.

Arguments
selectorString

The DOM node to mount the component to.

threeDSecure.on('success')

The 'success' event will be fired once the 3D Secure authentication process has been completed successfully. You should use this event to trigger your backend to finalize the payment. Your backend can use the Retrieve 3DS Session endpoint to retrieve the cryptogram for the session and complete the payment.

Note: The component is automatically unmounted after the 'success' event is fired.

threeDSecure.on('failure')

The 'failure' event will be fired if the 3D Secure authentication process fails. You should use this event to handle the failure and inform the user and prompt them to try again.

Note: The component is automatically unmounted after the 'failure' event is fired.

threeDSecure.on('ready')

The ready event will be fired once the component has fully loaded and is ready to be displayed. This is often used to show a loading state while the component loads.

threeDSecure.on('error')

The error event will be fired if the component fails to load.

Payload
error.code

The error code.

error.message

The error message.

threeDSecure.update(options)

Update the configuration for the component after it has been initialized. Any arguments passed will be merged with the arguments passed when the component was initialized.

Arguments
options.theme

Allows you to customize the appearance of the component. See the Styling section for more details.

Note: You can't customize the appearance of the iframe content itself. This is controlled by the card issuer.

options.size{ width: string, height: string }

This size of the 3D Secure iframe. Card issuers are required to support content at 250x400, 390x400, 500x600, 600x400. The default size is 500x600.

threeDSecure.unmount()

Removes the component from the DOM.

Frictionless-only 3D-Secure

In some cases, you may want to avoid adding friction into the payment process by automatically failing 3D-Secure when a challenge is requested. You can do this by setting the failOnChallenge option to true. This will prevent the challenge from being shown to the user and will automatically mark the 3D Secure Session as failed.

Alternatively, you can pass a function to the failOnChallenge option to determine if the challenge should be shown on a per transaction basis.

Frictionless-only 3D Secure is not permitted for EU-based transactions.


evervault.ui.pin(options)

Initializes a Pin UI Component. The Pin component allows you to collect and encrypt pin numbers in a completely PCI-compliant environment.

Options
theme

Allows you to completely customize the appearance of the component. See the Styling section for more details.

autoFocusBoolean

If set to true, the component will automatically steal focus when it mounts.

lengthNumber | Default: 4

Change the length of the pin number.

modenumeric | alphanumeric

If set to 'alphanumeric' the pin number will also accept letters as input.

pin.mount()

Mounts the component to a given DOM node.

pin.on('change')

Subscribe to changes made to the Pin component. The encrypted pin can be accessed from the payload passed to the callback.

Payload
valueString

The encrypted pin number.

isCompleteBoolean

Whether or not the pin number field is complete.

pin.on('complete')

The 'complete' event will be fired once the pin number field has been fully filled out by the user.

Payload
valueString

The encrypted pin number.

isCompleteBoolean

Whether or not the pin number field is complete.

pin.on('ready')

The ready event will be fired once the component has fully loaded and is ready to be displayed. This is often used to show a loading state while the component loads.

pin.on('error')

The error event will be fired if the component fails to load.


evervault.ui.reveal(request)

Initializes a Reveal UI Component. The Reveal component allows you to display previously encrypted card data to your users in plaintext in a secure iframe hosted by Evervault. Before using Reveal you'll first need to have a JSON endpoint to retrieve data from. This is often your own API endpoint combined with Relay to decrypt previously encrypted data from your database or a third-party API.

It is important that the endpoint that you create sets the applicable CORS headers so that it can be accessed from the Reveal iframe. Otherwise your requests will fail!

reveal.on('ready')

The ready event will be fired once the request has been completed and all reveal consumer components are ready to be shown.

reveal.on('error')

The error event will be fired if the Reveal Component fails to load or the passed request fails.

reveal.text(JSONPath, options)

Creates a Reveal Text consumer. The Reveal Text consumer allows you to render a selected field from the request response.

Arguments
JSONPathString

A JSON path selector for the response field you want to display.

options.theme

Allows you to completely customize the appearance of the component. See the Styling section for more details.

options.format

Allows you to use regex matching to format the field value.

text.mount()

Mounts the Reveal Text component to a given DOM node.

text.unmount()

Removes the Text Component from the DOM.

reveal.copyButton(JSONPath, options)

Creates a Reveal Copy Button consumer. This renders a button which when clicked will copy a response field to the users clipboard.

Arguments
JSONPathString

A JSON path selector for the response field you want to display.

options.theme

Allows you to completely customize the appearance of the component. See the Styling section for more details.

options.text

The text to display inside of the button.

options.icon

A URL encoded image to display inside of the button.

options.format

Allows you to use regex matching to format the field value.

copyButton.mount()

Mounts the component to a given DOM node.

copyButton.on("copy")

The "copy" event will be fired when ever the user clicks the button and copies the value to their clipboard.

copyButton.unmount()

Removes the component from the DOM.

evervault.ui.themes

Provides access to the built-in UI Component themes. See the UI Components Styling section for more details.

Content Security Policy (CSP)

If you are using a Content Security Policy (CSP), you will need to add the following directives to allow the Evervault SDK to function correctly.