Changelog

We’re excited to introduce our newest product, 3D-Secure. 3D-Secure (3DS) is a security protocol created in 2001 to authenticate online card transactions, and ensures merchants and acquirers comply with SCA and PSD2 regulations. It verifies that the person making the purchase is the legitimate cardholder. A significant benefit of 3D-Secure is that it shifts chargeback liability from the acquirer to the issuer — a huge advantage to high-risk merchants. In many regions, including the EU, Australia, India, and Japan, 3DS is now mandatory for certain transactions.

Today, we're launching the Evervault 3D Secure API—a universal API for 3DS authentication that works independently of your payment processor. Our API is built for developers with our leading security and design principles. It’s easy to integrate, highly reliable and distills the 3DS authentication process into easy steps using our client side SDKs.

Get Started with 3D Secure ->

Card Account Updater

Card Account Updater is a service offered by major card networks to automatically update card-on-file details. Card Account Updater ensures that merchants always have the latest card information (like updated card numbers and expiration dates) for their customers.

We've released a new API designed to let you integrate Card Account Updater in minutes without having to interact directly with the card networks.

Get Started with CAU

Network Tokens replace sensitive card details (like the 16-digit card number, expiration date, and security code) with a unique identifier generated by a card network (e.g. Visa or Mastercard). This token is used to process payments without exposing actual card details, thus adding a layer of security. For merchants, this can also result in higher authorization rates and lower authorization fees.

We're excited to release our new easy-to-use APIs designed to let you create and use Network Tokens in minutes without having to integrate directly with the card networks.

Get Started ->

Welcome to Part 2 of 'staying on top of any errors that occur in your system'.

Firstly, you can now configure Evervault to send alerts for both Cages and Relays. We've also expanded our third-party integration support to include Discord as well as Slack. If you need to control the flavour of error that you'd like to receive via an alert (4XX, 5XX), this is also configurable within the dashboard. Lastly, we've added custom webhook support for those of you who prefer to handle your workflow programatically.

We've included more information on alerts in the docs

With Evervault Inputs we’re making it easier than ever to become PCI compliant.

This functionality, embedded within our JavaScript and React SDKs, makes it easy to collect encrypted cardholder data in a completely PCI-compliant environment.

Evervault Inputs are served within an iFrame retrieved directly from Evervault’s PCI-compliant infrastructure, which can reduce your PCI DSS compliance scope to the simplest form (SAQ-A) once integrated correctly.

It’s as easy as specifying the ID of the element in which the iFrame should be embedded.

Get started with Evervault Inputs →

Evervault is continuously expanding and improving the developer experience of the platform, and supporting an ever expanding ecosystem of programming languages with SDKs is one of our top priorities.

We are delighted to now provide full support for the Evervault platform with Java. Using the Java SDK developers can now encrypt data, proxy requests through Relay, and interact with Cages.

Check out our Java SDK docs.

It’s important to stay on top of any errors that occur in your system. With that in mind, we’ve just shipped our first alert feature. You can now configure a Slack channel to receive alerts when your Relay encounters an error. You will now know in real time if an inbound request from your client fails before it reaches your app.

See issues that matter and triage them accordantly!

We are working on adding support for Cages alerts next, and adding new destinations so you can keep on top of alerts from your favourite app.

To set up alerts in the Dashboard, go to Relay -> Alerts -> Setup Slack Channel

With this update we are adding support to the secp256r1 curve — also known as NIST P-256 or prime256v1. Relay already supports secp256k1 (koblitz) curves, but now we’re providing our users with the choice so they can decide which curve they want to use.

Our SDKs will continue to default to the secp256k1 curve, but please follow our Python SDK and NodeJS SDK guides to learn how to change your curve.

---

For more in-depth information about elliptic curves and its differences, please refer to our documentation on elliptic curves.

By default, your Cages can be run by any client with a valid API key, but you may want to have additional control over where your Cage can be run from.

You can now restrict your Cage to only accept invocations from a predefined set of IPs. Define a list of IP addresses and/or CIDR blocks to accept in the Evervault dashboard.

If a Cage run is requested from outside of your whitelist, the invocation will be rejected with a status code of 403, or a ForbiddenIPError in our Node & Python clients.

You can read more about Cage IP whitelisting in our docs & can get started by going to Dashboard → Cage → IP Whitelist.