ACH
This is a supplement to the information available at click here.
Additional fields are available on the transaction body when your integration and contract with Cardlytics includes Cardlytics managed ACH rewards payout. Cardlytics currently only supports one account to disburse rewards to per unique user. This means that Cardlytics will always attempt to send earned rewards to users over ACH to the most recently received ACH information for the user.
Note that Cardlytics will assign you a specific application id and key to encrypt the ACH specific fields. This
application id and key (sensitiveFieldApplicationId) are different from the application id and key assigned to you for
JWT generation/signing. It is important for your systems and Cardlytics to keep this key protected and only available to
your protected back-end systems.
| Field | For? | Data Type | Example | Description |
|---|---|---|---|---|
| sensitiveFieldApplicationId | ACH | string | cdlx:eeeeeeee-eeee-eeee-eeee-eeeeeeeeeeee | This is the cardlytics assigned application id with an associated key for encrypting especially sensitive fields like account numbers. |
| achRoutingNumber | ACH | string | 091000022 | This is the routing number for the ACH transfer information for the user. |
| achAccountType | ACH | string | one of: CHECKING, SAVINGS | This is the ACH account type. |
| achAccountHolderNameEncrypted | ACH | string | +XFPTXDuyytIVwEHVPTWpPm1jahAeRkmMt/m6IVGuvQ= | This is the name of the ACH account holder, encrypted using aes-cbc-256. The raw account holder name format is typically the firstName followed by lastName. |
| achAccountNumberEncrypted | ACH | string | +XFPTXDuyytIVwEHVPTWpPm1jahAeRkmMt/m6IVGuvQ= | This is the aes-cbc-256 encrypted account number for the user. |
| achEncryptionInitializationVector | ACH | string | 7e947ed42da0d733 | This is the aes-cbc-256 IV used to encrypt the sensitive fields. It should be a random and unique string of 16 bytes. |
Account Number Encryption
- Take the trimmed, normalized version of the account number. Example:
1111111111111111. - Initialize an
AESCBCmode encryption with a256bit key size and key. Example:my-32-character-secret-key-00000. - Create a random initialization vector of 16 bytes. Example:
7e947ed42da0d733. - Encrypt the account number and encode to base 64. Example:
+XFPTXDuyytIVwEHVPTWpPm1jahAeRkmMt/m6IVGuvQ=.