Thanks for the response, Robert.
Could you provide a rough timelines for the tentative dates for this feature? I understand due to the extra-ordinary circumstances these days the timelines might vary wildly. But some broad hints such as H1,H2, Q4 Q3 would help us.
------------------------------
Kartik Sura
Uber
------------------------------
Original Message:
Sent: 03-26-2020 20:21
From: Robert Wakefield-Carl
Subject: Secure call flows: Encrypted payload for web service data action
Encrypted key data actions is on the roadmap, but not for a bit. What you can use now is mTLS to secure the connection with your own certificate. Combined with https and IP whitelisting, you can get pretty secure.
Robert
------------------------------
Robert Wakefield-Carl
Avtex Solutions, LLC
Contact Center Innovation Architect
robertwc@avtex.com
https://www.Avtex.com
https://RobertWC.Blogspot.com
Original Message:
Sent: 03-26-2020 02:35
From: Kartik Sura
Subject: Secure call flows: Encrypted payload for web service data action
Hi Team,
We are exploring a way to send credit card details from phone to our backend. Our requirement is to have the Creditcard details encrypted using our public key, before the API call is made.
Does pure-cloud support encryption of payload before sending the API request?
Note: HTTS might not work for us as the PCI compliance team raised a concern of: the credit card number would then be in plain text to our Public endpoint, bringing it and any systems that touched it after SSL into PCI scope (usually our Public endpoint, would not be decrypting SSL itself, usually network equipment upstream handles SSL), which isn't going to be allowed.
#ArchitectureandDesign
#Implementation
------------------------------
Kartik Sura
Uber
------------------------------