PFM applications handle highly sensitive financial data that requires robust encryption mechanisms to ensure data security and regulatory compliance during transmission and storage.

Why Encryption is Critical

Personal Finance Management systems process:
  • Banking transactions and account details
  • Investment portfolios and holdings
  • Personal financial information
  • User authentication credentials
All this sensitive financial data must be encrypted to:
  • Protect against data breaches and unauthorized access
  • Ensure compliance with financial regulations
  • Maintain customer trust and data integrity
  • Secure API communications between client and server

Encryption in PFM Workflow

Encryption is implemented at multiple levels:
  1. Data in Transit: All API communications are encrypted using HTTPS/TLS
  2. Data at Rest: Sensitive data stored in databases is encrypted
  3. Client-Server Communication: Additional encryption layers for API payloads
The encryption ensures that even if data is intercepted during transmission or accessed without authorization, it remains unreadable and secure.

Encrypted API Contracts

Our PFM APIs use encrypted communication where both requests and responses are encrypted using the shared encryption keys.

Important Note: When encryption is enabled for your integration, it applies to all APIs and webhooks. All request/response payloads and webhook notifications will use the encrypted format described below.

Request Format

Clients encrypt their JSON payload and send it in the following format:
{
  "ciphertext": "encrypted_request_data_here"
}

Response Format

The server responds with encrypted data in the same format:
{
  "ciphertext": "encrypted_response_data_here"
}

Communication Flow

  1. Client Side:
    • Encrypts the JSON request payload using shared keys
    • Sends the encrypted data in the ciphertext field
  2. Server Side:
    • Receives the encrypted request
    • Decrypts the request using shared keys
    • Processes the decrypted request
    • Encrypts the response data
    • Returns encrypted response in ciphertext field
  3. Client Side:
    • Receives the encrypted response
    • Decrypts the ciphertext field using shared keys
    • Uses the decrypted JSON response data
This ensures that all sensitive financial data remains encrypted during transmission, providing end-to-end security for API communications.

Available Encryption Types

Our platform currently supports the following encryption mechanisms:
  • AES-256-GCM: Primary encryption method with authenticated encryption
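
The communication flow and the AES-256-GCM mechanism described above, as an added Node.js example that is not the platform's own code. The page does not say how the ciphertext field is encoded, so the base64 layout (nonce, encrypted bytes, tag), the function names and the sample request fields are assumptions.

```javascript
// Added example: the envelope layout is an assumption, not the documented wire format.
const crypto = require('crypto');

const NONCE_LEN = 12; // 96-bit nonce, the recommended size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Encrypt a JSON-serializable object into {"ciphertext": "..."}.
// Assumed layout: base64(nonce || encrypted bytes || tag).
function sealPayload(payload, key) {
  if (key.length !== 32) throw new Error('AES-256-GCM needs a 32-byte key');
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per message; never reuse with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const blob = Buffer.concat([nonce, body, cipher.getAuthTag()]);
  return { ciphertext: blob.toString('base64') };
}

// Decrypt and authenticate an envelope; throws if the tag does not verify.
function openPayload(envelope, key) {
  if (!envelope || typeof envelope.ciphertext !== 'string') throw new Error('missing ciphertext field');
  const blob = Buffer.from(envelope.ciphertext, 'base64');
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error('ciphertext too short');
  const nonce = blob.subarray(0, NONCE_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const body = blob.subarray(NONCE_LEN, blob.length - TAG_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws on a tag mismatch, so unauthenticated plaintext is never parsed
  const plain = Buffer.concat([decipher.update(body), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Returns true if opening the envelope fails (tampered data or wrong key).
function isRejected(envelope, key) {
  try { openPayload(envelope, key); return false; } catch (e) { return true; }
}

// Constructed sample: random key and made-up request fields.
const demoKey = crypto.randomBytes(32);
const request = sealPayload({ accountId: 'acct-demo-001', action: 'list_transactions' }, demoKey);
const tampered = Buffer.from(request.ciphertext, 'base64');
tampered[NONCE_LEN] ^= 0x01; // flip one bit of the encrypted body
console.log(openPayload(request, demoKey));
console.log('tampered rejected:', isRejected({ ciphertext: tampered.toString('base64') }, demoKey));
```

Because GCM is authenticated, a receiver should treat any decryption failure as a rejected message and never fall back to processing the payload.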