Encrypt to payDistributionConfig

Learn how to encrypt a DDS configuration to a payDistributionConfig.

To start the direct deposit update process in Link you must initialize it with the payDistributionConfig parameter set to an encrypted version of your DDS configuration.

The encryption is necessary to ensure bank account and card details are never exposed on the front-end. Full routing, account, and card numbers always appear encrypted on the end user's device.

To encrypt your DDS configuration make a POST request to pay-distribution-configs/encrypt with your DDS configuration in the payload.

The request returns an encrypted version of the DDS configuration that will look similar to:

  "encrypted_config": "CiQAB/5lecrbJVrkdodwk4sgqacFNCiaH638IgDAHa8/peRjEEoShwIA8Gmka0Ea+JAa75M5HxfTckMklvPVvRxPYV3ND+YisxMhcHk6Fig0bwUUJiotuw/L5YkbHysTMPU6PSvXnHs19lNDZfVO6qpo44U6eMRdqO65HC864QEEi5n/u7QQT3DcG43RiVoRCnDiBlcdGIOPxth+gX6JgygigFHLEFhfOKWaQdyOmHDuf9cZNxp3M26IBEEtgmznl4oSm1qFt6ZzMcvdvKd2nOMS5co3Nc4f6F67GlnCRHEjzszBUnkgpsj60KFKggQ0e/CRQWi5pM/wa7UCb80LAKKm8Tl07kDJVFZcb9rsGwcfPY8ZCxcD0MtV/Q+yflCbaLL4RYcKXCBZXv0yOJEhxw=="


When encryption is performed, types and values in the card and bank_account objects are validated. This validation ensures that:

  • Each field is of the correct type.
  • Required fields are specified.
  • account_number, routing_number , card_number, and card_cvc_cvv fields contain only numbers and are the correct length.
  • The card expiration date is valid.
  • If either the first or last name card fields are specified, then the other field is as well.
  • If the cardholder title field is specified, the first and last name card fields are as well.
  • The DDS configuration is self-consistent. This means that:
    • At least one destination is set.
    • If bank_account is set, the validation ensures that either amount or percent allocation is set, or entire_allocation is true.
    • If entire_allocation is true, the validation ensures that neither amount or percent allocation is set.
    • Amount and percent allocations are self-consistent:
      • value, min_value, max_value are valid decimal numbers.
      • 0 ≤ min_value ≤ value ≤ max_value for amount allocation.
      • 0 ≤ min_value ≤ value ≤ max_value ≤ 100 for percent allocation.

When a card_source object is defined in your DDS configuration, the Argyle API validates it before encryption. This validation ensures that:

  • If the card_source object is defined, then bank_account or card objects cannot be present in the DDS configuration.
  • The value of the partner attribute must be unit. Accepted values can potentially change when more partners are integrated in the future.

Example DDS configuration for RAW_BODY:

    "bank_account": {
        "bank_name": "YellowHorizon",
        "routing_number": "084101234",
        "account_number": "9483746361234",
        "account_type": "checking"
    "amount_allocation": {
        "value": "177",
        "min_value": "177",
        "max_value": "177"
Click Try It! to start a request and see the response here!