# Add Payload Encryption
source: https://developer.mastercard.com/account-validation/documentation/tutorials-and-guides/api-tutorial-enc/index.md

This tutorial adds payload encryption/decryption to the Java program built using the [Java API Client](https://developer.mastercard.com/account-validation/documentation/tutorials-and-guides/api-tutorial/index.md) tutorial. Complete that tutorial before starting this one.

The adapted Java program makes API calls with encrypted payloads and decrypts the responses. Remember that Sandbox does not support payload encryption.

## Prerequisites {#prerequisites}

To complete this tutorial, you need the Mastercard encryption keys and credentials that you generated for your Mastercard Developers project. Use the keys appropriate to the environment: Sandbox keys for MTF, or production keys.

## Add the Encryption Dependency {#add-the-encryption-dependency}

The Mastercard Encryption Library provides the JSON Web Encryption (JWE) functionality for the payload encryption/decryption.

1. In the IntelliJ IDE, edit your Maven project's **pom.xml** file to add the below Encryption Library as one of the dependencies.

```xml
    <dependency>
        <groupId>com.mastercard.developer</groupId>
        <artifactId>client-encryption</artifactId>
        <version>1.7.4</version>
    </dependency>
```

2. In the IntelliJ IDE, navigate to the Terminal window and run the below command:

    mvn clean install

3. Copy the Client Encryption Key certificate (.pem) file and Mastercard Encryption Key (.p12) file to the `./src/main/resources` folder as shown below:

![Project encryption key files](https://static.developer.mastercard.com/content/account-validation/documentation/images/api-tutorial-7.png)

## Add the Encryption Code {#add-the-encryption-code}

The below steps and sample code demonstrate how to adapt the program to use the Mastercard Encryption Library to encrypt/decrypt message payloads. You can either:

* Download the [AccountVal_adjusted_for_encryption.java](https://static.developer.mastercard.com/content/account-validation/uploads/AccountVal_adjusted_for_encryption.java) (6KB) file to see where the below code snippets are used.
* Edit your Java class file to add and alter the code snippets as indicated below.

Edit your Maven project's Java file, modifying or adding the following parts accordingly:

1. At the top of the file, add or adjust the code to import the additional classes required for encryption:

```java
// Additional classes for encryption...
import java.security.cert.Certificate;
import com.mastercard.developer.encryption.JweConfig;
import com.mastercard.developer.encryption.JweConfigBuilder;
import com.mastercard.developer.interceptors.OkHttpEncryptionInterceptor;
import com.mastercard.developer.utils.EncryptionUtils;
```

2. Update the encryption key values to match the key files and credentials from your Mastercard Developers project. These will be used by the `EncryptionUtils.loadEncryptionCertificate()` and `EncryptionUtils.loadDecryptionKey()` methods to encrypt the request payload and decrypt the response payload.

```java
        // Update these values to match the encryption credentials
        String clientEncryptionCertificate =
                "./src/main/resources/client-encryption-key.pem";
        String mastercardEncryptionPkcs12KeyFile = "./src/main/resources/mastercard-encryption-key.p12";
        String mastercardEncryptionKeyAlias = "mastercard_encryption_key_alias";
        String mastercardEncryptionKeyPassword = "mastercard_encryption_key_password";

        // These methods encrypt the request payload and decrypt the response payload
        Certificate encryptionCertificate =
                EncryptionUtils.loadEncryptionCertificate(clientEncryptionCertificate);
        PrivateKey decryptionKey =
                EncryptionUtils.loadDecryptionKey(mastercardEncryptionPkcs12KeyFile,
                        mastercardEncryptionKeyAlias, mastercardEncryptionKeyPassword);
        JweConfig encryptionConfig = JweConfigBuilder.aJweEncryptionConfig()
                .withEncryptionCertificate(encryptionCertificate)
                .withDecryptionKey(decryptionKey)
                .withEncryptionPath("$", "$.encrypted_payload")
                .withDecryptionPath("$.encrypted_payload.data", "$")
                .withEncryptedValueFieldName("data")
                .build();
```

3. Adjust the `xEncrypted` value to `true`.

```java
        Boolean xEncrypted = true;
```

4. Add the following interceptor to the `apiClient` builder so that the client encrypts requests with the encryption credentials.

```java
                        .addInterceptor(OkHttpEncryptionInterceptor.from(encryptionConfig))
```

The adjusted `apiClient` builder looks like this:

```java
        apiClient.setHttpClient(
                apiClient.getHttpClient()
                        .newBuilder()
                        .addInterceptor(OkHttpEncryptionInterceptor.from(encryptionConfig))
                        .addInterceptor(new OkHttpOAuth1Interceptor(consumerKey, signingKey))
                        .build()
        );
```

5. Adjust the code to pass request fields and values appropriate to the environment and your configuration, such as valid test account numbers and any required acquiring credentials.

6. When ready, run the program. The unencrypted request and decrypted response will appear in the IntelliJ IDE Run window.

If you receive an encryption error response, see [Error Codes](https://developer.mastercard.com/account-validation/documentation/code-and-formats/index.md#error-codes).