PHPackages mastercard/client-encryption - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. mastercard/client-encryption AbandonedArchivedLibrary[API Development](/categories/api) mastercard/client-encryption ============================ Library for Mastercard API compliant payload encryption/decryption. v1.5.0(3y ago)396.1k—7%5MITPHP Since Apr 16Pushed 2y ago11 watchersCompare [ Source](https://github.com/Mastercard/client-encryption-php)[ Packagist](https://packagist.org/packages/mastercard/client-encryption)[ RSS](/packages/mastercard-client-encryption/feed)WikiDiscussions main Synced 1mo ago READMEChangelog (8)Dependencies (6)Versions (9)Used By (0) client-encryption-php ===================== [](#client-encryption-php) [![](https://camo.githubusercontent.com/aef30b99431db5b1f418fef7d137db79c301353f1a093a042c7434a9b26a3e94/68747470733a2f2f646576656c6f7065722e6d6173746572636172642e636f6d2f5f2f5f2f7372632f676c6f62616c2f6173736574732f7376672f6d636465762d6c6f676f2d6461726b2e737667)](https://developer.mastercard.com/) [![maintenance-status](https://camo.githubusercontent.com/a9b9316b0dd923c93b326ea82f12466136f253ede16b6ff8b787945e0bf17b74/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6d61696e74656e616e63652d646570726563617465642d7265642e737667)](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md)[![](https://github.com/Mastercard/client-encryption-php/workflows/Build%20&%20Test/badge.svg)](https://github.com/Mastercard/client-encryption-php/actions?query=workflow%3A%22Build+%26+Test%22)[![](https://camo.githubusercontent.com/97b850599816cc8086f5e0c3d933e6ac094a3987784d95725888db0ae16fd550/68747470733a2f2f736f6e6172636c6f75642e696f2f6170692f70726f6a6563745f6261646765732f6d6561737572653f70726f6a6563743d4d6173746572636172645f636c69656e742d656e6372797074696f6e2d706870266d65747269633d616c6572745f737461747573)](https://sonarcloud.io/dashboard?id=Mastercard_client-encryption-php)[![](https://github.com/Mastercard/client-encryption-php/workflows/broken%20links%3F/badge.svg)](https://github.com/Mastercard/client-encryption-php/actions?query=workflow%3A%22broken+links%3F%22)[![](https://camo.githubusercontent.com/005dc575041fd50be34761618cad8c993850811501603b21ef324b757da45da7/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6d6173746572636172642f636c69656e742d656e6372797074696f6e2e737667)](https://packagist.org/packages/mastercard/client-encryption)[![](https://camo.githubusercontent.com/07a7d0169027aac6d7a0bfa8964dfef5fbc40d5a2075cabb3d8bc67e17be3451/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d79656c6c6f772e737667)](https://github.com/Mastercard/client-encryption-php/blob/master/LICENSE) Table of Contents ----------------- [](#table-of-contents) - [Overview](#overview) - [Compatibility](#compatibility) - [References](#references) - [Versioning and Deprecation Policy](#versioning) - [Usage](#usage) - [Prerequisites](#prerequisites) - [Adding the Library to Your Project](#adding-the-library-to-your-project) - [Loading the Encryption Certificate](#loading-the-encryption-certificate) - [Loading the Decryption Key](#loading-the-decryption-key) - [Performing Field Level Encryption and Decryption](#performing-field-level-encryption-and-decryption) - [Performing JWE Encryption and Decryption](#performing-JWE-encryption-and-decryption) - [Integrating with OpenAPI Generator API Client Libraries](#integrating-with-openapi-generator-api-client-libraries) Overview --------------------------------------------- [](#overview-) Library for Mastercard API compliant payload encryption/decryption. ### Compatibility [](#compatibility-) PHP 7.0+ ### References [](#references-) [![Encryption of sensitive data](https://user-images.githubusercontent.com/3964455/55345820-c520a280-54a8-11e9-8235-407199fa1d97.png)](https://user-images.githubusercontent.com/3964455/55345820-c520a280-54a8-11e9-8235-407199fa1d97.png) ### Versioning and Deprecation Policy [](#versioning-and-deprecation-policy-) - [Mastercard Versioning and Deprecation Policy](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md) Usage --------------------------------------- [](#usage-) ### Prerequisites [](#prerequisites-) Before using this library, you will need to set up a project in the [Mastercard Developers Portal](https://developer.mastercard.com). As part of this set up, you'll receive: - A public request encryption certificate (aka *Client Encryption Keys*) - A private response decryption key (aka *Mastercard Encryption Keys*) ### Adding the Library to Your Project [](#adding-the-library-to-your-project-) ``` composer require mastercard/client-encryption ``` ### Loading the Encryption Certificate [](#loading-the-encryption-certificate-) A certificate resource can be created from a file by calling `EncryptionUtils::loadEncryptionCertificate`: ``` use Mastercard\Developer\Utils\EncryptionUtils; // … $encryptionCertificate = EncryptionUtils::loadEncryptionCertificate(''); ``` Supported certificate formats: PEM, DER. ### Loading the Decryption Key [](#loading-the-decryption-key-) #### From a PKCS#12 Key Store [](#from-a-pkcs12-key-store) A private key resource can be created from a PKCS#12 key store by calling `EncryptionUtils::loadDecryptionKey` the following way: ``` use Mastercard\Developer\Utils\EncryptionUtils; // … $decryptionKey = EncryptionUtils::loadDecryptionKey( '', '', ''); ``` #### From an Unencrypted Key File [](#from-an-unencrypted-key-file) A private key resource can be created from an unencrypted key file by calling `EncryptionUtils::loadDecryptionKey` the following way: ``` use Mastercard\Developer\Utils\EncryptionUtils; // … $decryptionKey = EncryptionUtils::loadDecryptionKey(''); ``` Supported RSA key formats: - PKCS#1 PEM (starts with '-----BEGIN RSA PRIVATE KEY-----') - PKCS#8 PEM (starts with '-----BEGIN PRIVATE KEY-----') - Binary DER-encoded PKCS#8 ### Performing Field Level Encryption and Decryption [](#performing-field-level-encryption-and-decryption-) - [Introduction](#introduction) - [Configuring the Field Level Encryption](#configuring-the-field-level-encryption) - [Performing Encryption](#performing-encryption) - [Performing Decryption](#performing-decryption) - [Encrypting Entire Payloads](#encrypting-entire-payloads) - [Decrypting Entire Payloads](#decrypting-entire-payloads) - [Using HTTP Headers for Encryption Params](#using-http-headers-for-encryption-params) #### Introduction [](#introduction-) The core methods responsible for payload encryption and decryption are `encryptPayload` and `decryptPayload` in the `FieldLevelEncryption` class. - `encryptPayload` usage: ``` use Mastercard\Developer\Encryption; // … $encryptedRequestPayload = FieldLevelEncryption::encryptPayload($requestPayload, $config); ``` - `decryptPayload` usage: ``` use Mastercard\Developer\Encryption; // … $responsePayload = FieldLevelEncryption::decryptPayload($encryptedResponsePayload, $config); ``` #### Configuring the Field Level Encryption [](#configuring-the-field-level-encryption-) Use the `FieldLevelEncryptionConfigBuilder` to create `FieldLevelEncryptionConfig` instances. Example: ``` use Mastercard\Developer\Encryption; // … $config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() ->withEncryptionCertificate($encryptionCertificate) ->withDecryptionKey($decryptionKey) ->withEncryptionPath('$.path.to.foo', '$.path.to.encryptedFoo') ->withDecryptionPath('$.path.to.encryptedFoo', '$.path.to.foo') ->withOaepPaddingDigestAlgorithm('SHA-256') ->withEncryptedValueFieldName('encryptedValue') ->withEncryptedKeyFieldName('encryptedKey') ->withIvFieldName('iv') ->withFieldValueEncoding(FieldValueEncoding::HEX) ->build(); ``` See also: - [FieldLevelEncryptionConfig.php](https://github.com/Mastercard/client-encryption-php/blob/master/src/Developer/Encryption/FieldLevelEncryptionConfig.php) for all config options - [Service Configurations for Client Encryption PHP](https://github.com/Mastercard/client-encryption-php/wiki/Service-Configurations-for-Client-Encryption-PHP) #### Performing Encryption [](#performing-encryption-) Call `FieldLevelEncryption::encryptPayload` with a JSON request payload and a `FieldLevelEncryptionConfig` instance. Example using the configuration [above](#configuring-the-field-level-encryption): ``` use Mastercard\Developer\Encryption; // … $payload = '{ "path": { "to": { "foo": { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } } } }'; $encryptedPayload = FieldLevelEncryption::encryptPayload($payload, $config); echo (json_encode(json_decode($encryptedPayload), JSON_PRETTY_PRINT)); ``` Output: ``` { "path": { "to": { "encryptedFoo": { "iv": "7f1105fb0c684864a189fb3709ce3d28", "encryptedKey": "67f467d1b653d98411a0c6d3c…ffd4c09dd42f713a51bff2b48f937c8", "encryptedValue": "b73aabd267517fc09ed72455c2…dffb5fa04bf6e6ce9ade1ff514ed6141" } } } } ``` #### Performing Decryption [](#performing-decryption-) Call `FieldLevelEncryption::decryptPayload` with a JSON response payload and a `FieldLevelEncryptionConfig` instance. Example using the configuration [above](#configuring-the-field-level-encryption): ``` use Mastercard\Developer\Encryption; // … $encryptedPayload = '{ "path": { "to": { "encryptedFoo": { "iv": "e5d313c056c411170bf07ac82ede78c9", "encryptedKey": "e3a56746c0f9109d18b3a2652b76…f16d8afeff36b2479652f5c24ae7bd", "encryptedValue": "809a09d78257af5379df0c454dcdf…353ed59fe72fd4a7735c69da4080e74f" } } } }'; $payload = FieldLevelEncryption::decryptPayload($encryptedPayload, $config); echo (json_encode(json_decode($payload), JSON_PRETTY_PRINT)); ``` Output: ``` { "path": { "to": { "foo": { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } } } } ``` #### Encrypting Entire Payloads [](#encrypting-entire-payloads-) Entire payloads can be encrypted using the '$' operator as encryption path: ``` use Mastercard\Developer\Encryption; // … $config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() ->withEncryptionCertificate(encryptionCertificate) ->withEncryptionPath('$', '$') // … ->build(); ``` Example: ``` use Mastercard\Developer\Encryption; // … $payload = '{ "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" }'; $encryptedPayload = FieldLevelEncryption::encryptPayload($payload, $config); echo (json_encode(json_decode($encryptedPayload), JSON_PRETTY_PRINT)); ``` Output: ``` { "iv": "1b9396c98ab2bfd195de661d70905a45", "encryptedKey": "7d5112fa08e554e3dbc455d0628…52e826dd10311cf0d63bbfb231a1a63ecc13", "encryptedValue": "e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515" } ``` #### Decrypting Entire Payloads [](#decrypting-entire-payloads-) Entire payloads can be decrypted using the '$' operator as decryption path: ``` use Mastercard\Developer\Encryption; // … $config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() ->withDecryptionKey(decryptionKey) ->withDecryptionPath('$', '$') // … ->build(); ``` Example: ``` use Mastercard\Developer\Encryption; // … $encryptedPayload = '{ "iv": "1b9396c98ab2bfd195de661d70905a45", "encryptedKey": "7d5112fa08e554e3dbc455d0628…52e826dd10311cf0d63bbfb231a1a63ecc13", "encryptedValue": "e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515" }'; $payload = FieldLevelEncryption::decryptPayload($encryptedPayload, $config); echo (json_encode(json_decode($payload), JSON_PRETTY_PRINT)); ``` Output: ``` { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } ``` #### Using HTTP Headers for Encryption Params [](#using-http-headers-for-encryption-params-) In the sections above, encryption parameters (initialization vector, encrypted symmetric key, etc.) are part of the HTTP payloads. Here is how to configure the library for using HTTP headers instead. ##### Configuration for Using HTTP Headers [](#configuration-for-using-http-headers-) Call `with{Param}HeaderName` instead of `with{Param}FieldName` when building a `FieldLevelEncryptionConfig` instance. Example: ``` use Mastercard\Developer\Encryption; // … $config = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() ->withEncryptionCertificate(encryptionCertificate) ->withDecryptionKey(decryptionKey) ->withEncryptionPath('$', '$') ->withDecryptionPath('$', '$') ->withOaepPaddingDigestAlgorithm('SHA-256') ->withEncryptedValueFieldName('data') ->withIvHeaderName('x-iv') ->withEncryptedKeyHeaderName('x-encrypted-key') // … ->withFieldValueEncoding(FieldValueEncoding::HEX) ->build(); ``` See also: - [FieldLevelEncryptionConfig.php](https://github.com/Mastercard/client-encryption-php/blob/master/src/Developer/Encryption/FieldLevelEncryptionConfig.php) for all config options - [Service Configurations for Client Encryption PHP](https://github.com/Mastercard/client-encryption-php/wiki/Service-Configurations-for-Client-Encryption-PHP) ##### Encrypting Using HTTP Headers [](#encrypting-using-http-headers) Encryption can be performed using the following steps: 1. Generate parameters by calling `FieldLevelEncryptionParams::generate`: ``` $params = FieldLevelEncryptionParams::generate($config); ``` 2. Update the request headers: ``` $request->setHeader($config->getIvHeaderName(), $params->getIvValue()); $request->setHeader($config->getEncryptedKeyHeaderName(), $params->getEncryptedKeyValue()); // … ``` 3. Call `encryptPayload` with params: ``` FieldLevelEncryption::encryptPayload($payload, $config, $params); ``` Example using the configuration [above](#configuration-for-using-http-headers): ``` $payload = '{ "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" }'; $encryptedPayload = FieldLevelEncryption::encryptPayload($payload, $config, $params); echo (json_encode(json_decode($encryptedPayload), JSON_PRETTY_PRINT)); ``` Output: ``` { "data": "53b5f07ee46403af2e92abab900853…d560a0a08a1ed142099e3f4c84fe5e5" } ``` ##### Decrypting Using HTTP Headers [](#decrypting-using-http-headers) Decryption can be performed using the following steps: 1. Read the response headers: ``` $ivValue = $response->getHeader($config->getIvHeaderName()); $encryptedKeyValue = $response->getHeader($config->getEncryptedKeyHeaderName()); // … ``` 2. Create a `FieldLevelEncryptionParams` instance: ``` $params = new FieldLevelEncryptionParams($config, $ivValue, $encryptedKeyValue, …, ); ``` 3. Call `decryptPayload` with params: ``` FieldLevelEncryption::decryptPayload($encryptedPayload, $config, $params); ``` Example using the configuration [above](#configuration-for-using-http-headers): ``` $encryptedPayload = '{ "data": "53b5f07ee46403af2e92abab900853…d560a0a08a1ed142099e3f4c84fe5e5" }'; $payload = FieldLevelEncryption::decryptPayload($encryptedPayload, $config, $params); echo (json_encode(json_decode($payload), JSON_PRETTY_PRINT)); ``` Output: ``` { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } ``` ### Performing JWE Encryption and Decryption [](#performing-jwe-encryption-and-decryption-) - [Introduction](#introduction-jwe) - [Configuring the JWE Encryption](#configuring-the-JWE-encryption) - [Performing Encryption](#performing-encryption-jwe) - [Performing Decryption](#performing-decryption-jwe) - [Encrypting Entire Payloads](#encrypting-entire-payloads-jwe) - [Decrypting Entire Payloads](#decrypting-entire-payloads-jwe) #### Introduction [](#introduction--1) The core methods responsible for payload encryption and decryption are `encryptPayload` and `decryptPayload` in the `JweEncryption` class. - `encryptPayload` usage: ``` use Mastercard\Developer\Encryption; // … $encryptedRequestPayload = JweEncryption::encryptPayload($requestPayload, $config); ``` - `decryptPayload` usage: ``` use Mastercard\Developer\Encryption; // … $responsePayload = JweEncryption::decryptPayload($encryptedResponsePayload, $config); ``` #### Configuring the JWE Encryption [](#configuring-the-jwe-encryption-) Use the `JweEncryptionConfigBuilder` to create `JweEncryptionConfig` instances. Example: ``` use Mastercard\Developer\Encryption; // … $config = JweEncryptionConfigBuilder::aJweEncryptionConfig() ->withEncryptionCertificate($encryptionCertificate) ->withDecryptionKey($decryptionKey) ->withEncryptionPath('$.path.to.foo', '$.path.to.encryptedFoo') ->withDecryptionPath('$.path.to.encryptedFoo', '$.path.to.foo') ->withEncryptedValueFieldName('encryptedValue') ->build(); ``` Note: If `withEncryptedValueFieldName` is left blank, the value will default to `encryptedData` See also: - [JweConfig.php](https://github.com/Mastercard/client-encryption-php/blob/main/src/Developer/Encryption/JweConfig.php) for all config options - [Service Configurations for Client Encryption PHP](https://github.com/Mastercard/client-encryption-php/wiki/Service-Configurations-for-Client-Encryption-PHP) #### Performing Encryption [](#performing-encryption--1) Call `JweEncryption::encryptPayload` with a JSON request payload and a `JweEncryptionConfig` instance. Example using the configuration [above](#configuring-the-JWE-encryption): ``` use Mastercard\Developer\Encryption; // … $payload = '{ "path": { "to": { "foo": { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } } } }'; $encryptedPayload = JweEncryption::encryptPayload($payload, $config); echo (json_encode(json_decode($encryptedPayload), JSON_PRETTY_PRINT)); ``` Output: ``` { "path": { "to": { "encryptedFoo": "809a09d78257af5379df0c454dcdf…353ed59fe72fd4a7735c69da4080e74f" } } } ``` #### Performing Decryption [](#performing-decryption--1) Call `JweEncryption::decryptPayload` with a JSON response payload and a `JweEncryptionConfig` instance. Example using the configuration [above](#configuring-the-JWE-encryption): ``` use Mastercard\Developer\Encryption; // … $encryptedPayload = '{ "path": { "to": { "encryptedFoo": { "encryptedValue": "809a09d78257af5379df0c454dcdf…353ed59fe72fd4a7735c69da4080e74f" } } } }'; $payload = JweEncryption::decryptPayload($encryptedPayload, $config); echo (json_encode(json_decode($payload), JSON_PRETTY_PRINT)); ``` Output: ``` { "path": { "to": { "foo": { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } } } } ``` #### Encrypting Entire Payloads [](#encrypting-entire-payloads--1) Entire payloads can be encrypted using the '$' operator as encryption path: ``` use Mastercard\Developer\Encryption; // … $config = JweConfigBuilder::aJweEncryptionConfig() ->withEncryptionCertificate(encryptionCertificate) ->withEncryptionPath('$', '$') ->withEncryptedValueFieldName("encryptedValue") // … ->build(); ``` Example: ``` use Mastercard\Developer\Encryption; // … $payload = '{ "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" }'; $encryptedPayload = JweEncryption::encryptPayload($payload, $config); echo (json_encode(json_decode($encryptedPayload), JSON_PRETTY_PRINT)); ``` Output: ``` { "encryptedValue": "e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515" } ``` #### Decrypting Entire Payloads [](#decrypting-entire-payloads--1) Entire payloads can be decrypted using the '$' operator as decryption path: ``` use Mastercard\Developer\Encryption; // … $config = JweEncryptionConfigBuilder::aJweEncryptionConfig() ->withDecryptionKey(decryptionKey) ->withDecryptionPath('$', '$') ->withEncryptedValueFieldName("encryptedValue") // … ->build(); ``` Example: ``` use Mastercard\Developer\Encryption; // … $encryptedPayload = '{ "encryptedValue": "e5e9340f4d2618d27f8955828c86…379b13901a3b1e2efed616b6750a90fd379515" }'; $payload = FieldLevelEncryption::decryptPayload($encryptedPayload, $config); echo (json_encode(json_decode($payload), JSON_PRETTY_PRINT)); ``` Output: ``` { "sensitiveField1": "sensitiveValue1", "sensitiveField2": "sensitiveValue2" } ``` ### Integrating with OpenAPI Generator API Client Libraries [](#integrating-with-openapi-generator-api-client-libraries-) [OpenAPI Generator](https://github.com/OpenAPITools/openapi-generator) generates API client libraries from [OpenAPI Specs](https://github.com/OAI/OpenAPI-Specification). It provides generators and library templates for supporting multiple languages and frameworks. This project provides you with some interceptor classes you can use when configuring your API client. These classes will take care of encrypting request and decrypting response payloads, but also of updating HTTP headers when needed. Generators currently supported: - [php](#php) #### php [](#php-) ##### OpenAPI Generator [](#openapi-generator) Client libraries can be generated using the following command: ``` openapi-generator-cli generate -i openapi-spec.yaml -g php -o out ``` See also: - [OpenAPI Generator CLI Installation](https://openapi-generator.tech/docs/installation/) - [CONFIG OPTIONS for php](https://github.com/OpenAPITools/openapi-generator/blob/master/docs/generators/php.md) ##### Usage of the `PsrHttpMessageEncryptionInterceptor` for Field Level Encryption [](#usage-of-the-psrhttpmessageencryptioninterceptor-for-field-level-encryption) ``` use GuzzleHttp; use OpenAPI\Client\Api\ServiceApi; use OpenAPI\Client\Configuration use Mastercard\Developer\Signers\PsrHttpMessageSigner; use Mastercard\Developer\Interceptors\PsrHttpMessageEncryptionInterceptor; // … $stack = new GuzzleHttp\HandlerStack(); $stack->setHandler(new GuzzleHttp\Handler\CurlHandler()); $fieldLevelEncryptionConfig = FieldLevelEncryptionConfigBuilder::aFieldLevelEncryptionConfig() // … ->build(); $fieldLevelEncryptionInterceptor = new PsrHttpMessageEncryptionInterceptor($fieldLevelEncryptionConfig); $stack->push(GuzzleHttp\Middleware::mapRequest([$fieldLevelEncryptionInterceptor, 'interceptRequest'])); $stack->push(GuzzleHttp\Middleware::mapResponse([$fieldLevelEncryptionInterceptor, 'interceptResponse'])); $stack->push(GuzzleHttp\Middleware::mapRequest([new PsrHttpMessageSigner($consumerKey, $signingKey), 'sign'])); $options = ['handler' => $stack]; $client = new GuzzleHttp\Client($options); $config = new Configuration(); $config->setHost('https://sandbox.api.mastercard.com'); $serviceApi = new ServiceApi($client, $config); // … ``` ##### Usage of the `PsrHttpMessageEncryptionInterceptor` for JWE Encryption [](#usage-of-the-psrhttpmessageencryptioninterceptor-for-jwe-encryption) ``` use GuzzleHttp; use OpenAPI\Client\Api\ServiceApi; use OpenAPI\Client\Configuration use Mastercard\Developer\Signers\PsrHttpMessageSigner; use Mastercard\Developer\Interceptors\PsrHttpMessageEncryptionInterceptor; // … $stack = new GuzzleHttp\HandlerStack(); $stack->setHandler(new GuzzleHttp\Handler\CurlHandler()); $JweEncryptionConfig = JweEncryptionConfigBuilder::aJweEncryptionConfig() // … ->build(); $JweEncryptionInterceptor = new PsrHttpMessageEncryptionInterceptor($JweEncryptionConfig); $stack->push(GuzzleHttp\Middleware::mapRequest([$JweEncryptionInterceptor, 'interceptRequest'])); $stack->push(GuzzleHttp\Middleware::mapResponse([$JweEncryptionInterceptor, 'interceptResponse'])); $stack->push(GuzzleHttp\Middleware::mapRequest([new PsrHttpMessageSigner($consumerKey, $signingKey), 'sign'])); $options = ['handler' => $stack]; $client = new GuzzleHttp\Client($options); $config = new Configuration(); $config->setHost('https://sandbox.api.mastercard.com'); $serviceApi = new ServiceApi($client, $config); // … ``` ### Health Score 38 — LowBetter than 85% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity36 Limited adoption so far Community19 Small or concentrated contributor base Maturity65 Established project with proven stability Bus Factor2 2 contributors hold 50%+ of commits How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~204 days Recently: every ~327 days Total 8 Last Release 1159d ago ### Community Maintainers ![](https://www.gravatar.com/avatar/441fcbfa72c889b1518533de283a93b5b3e0e51b3418b9c074889574b73c308d?d=identicon)[mastercard](/maintainers/mastercard) --- Top Contributors [![jaaufauvre](https://avatars.githubusercontent.com/u/3964455?v=4)](https://github.com/jaaufauvre "jaaufauvre (32 commits)")[![danny-gallagher](https://avatars.githubusercontent.com/u/50239900?v=4)](https://github.com/danny-gallagher "danny-gallagher (30 commits)")[![rfeelin](https://avatars.githubusercontent.com/u/3427219?v=4)](https://github.com/rfeelin "rfeelin (8 commits)")[![talha-API](https://avatars.githubusercontent.com/u/123556329?v=4)](https://github.com/talha-API "talha-API (7 commits)")[![rossphelan](https://avatars.githubusercontent.com/u/60007610?v=4)](https://github.com/rossphelan "rossphelan (5 commits)")[![ech0s7r](https://avatars.githubusercontent.com/u/7020500?v=4)](https://github.com/ech0s7r "ech0s7r (3 commits)")[![kick-the-bucket](https://avatars.githubusercontent.com/u/7068596?v=4)](https://github.com/kick-the-bucket "kick-the-bucket (2 commits)") --- Tags decryptiondeprecateddeprecated-repositoryencryptionfield-level-encryptionflemastercardopenapiphpphpencryptionopenapimastercardfield-level encryptiondecryptionfle ### Embed Badge ![Health badge](/badges/mastercard-client-encryption/health.svg) ``` [![Health](https://phpackages.com/badges/mastercard-client-encryption/health.svg)](https://phpackages.com/packages/mastercard-client-encryption) ``` ### Alternatives [harmbandstra/swagger-ui-bundle Exposes swagger UI inside your Symfony project through a route (eg. /docs) 42867.3k](/packages/harmbandstra-swagger-ui-bundle)[comgate/sdk Comgate PHP SDK 13327.8k](/packages/comgate-sdk)[uderline/openapi-php-attributes Automatically render your OpenApi 3 file describing your PHP API using attributes 2136.3k](/packages/uderline-openapi-php-attributes) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)