Using Subresource Integrity (SRI)

You can implement Subresource Integrity (SRI) checks with PaymentsOS SDKs to enhance security by verifying cryptographic hashes of the JavaScript files. This guide covers SRI implementation for Secure Fields Form, Token.js, and CVV Encryptor.

Starting from December 2024, you can use Subresource Integrity (SRI) checks with versioned SDKs instead of the latest version. With SRI, the browser computes the cryptographic hash of the SDK file it downloads and runs the file only if that hash matches the value in the script tag's integrity attribute, so a file that has been tampered with is not executed. The trade-off is manual version management: a pinned version does not receive automatic updates, and moving to a new version means changing both the URL and the hash. The implementation examples are below.

Secure Fields Form Implementation

<body>
    ...
    <script 
      src="https://js.paymentsos.com/v3.8.2/secure-fields-form.min.js"
      integrity="sha384-VqS/y9R47AxcQWm0S6BFt/IBJ7xQDls0nOCneBipmvfUb4gNkiP+O36v0a11n/Lk"
      crossorigin="anonymous">
    </script>
</body>

Token.js Implementation

<body>
    ...
    <script 
      src="https://js.paymentsos.com/tokenization/2.0.1/token.min.js"
      integrity="sha384-2moEjRXRyx2XxOh3T9l+VWXvEPVyk/+cAy7XQniTqurd9CgF12g/2RnFMZg0x46b"
      crossorigin="anonymous">
    </script>
</body>

CVV Encryptor Implementation

<body>
    ...
    <script 
      src="https://js.paymentsos.com/cvv/1.2.1/cvv-encryptor.min.js"
      integrity="sha384-wKUEBwwsU/c+2PUZmzCyLvt4m6LPGfNU9B6Abjk9jteqpli8uWuFMHVvuMqIJvRA"
      crossorigin="anonymous">
    </script>
</body>

SDK versions and their hashes

Below is a list of available SDK versions with their corresponding integrity hashes. This security feature is optional - you can continue using the latest version if automatic updates are preferred.

| Component | Version | Hash |
| --- | --- | --- |
| Secure Fields Form | 3.8.2 | sha384-VqS/y9R47AxcQWm0S6BFt/IBJ7xQDls0nOCneBipmvfUb4gNkiP+O36v0a11n/Lk |
| Token JS | 2.0.1 | sha384-2moEjRXRyx2XxOh3T9l+VWXvEPVyk/+cAy7XQniTqurd9CgF12g/2RnFMZg0x46b |
| CVV Encryptor | 1.2.1 | sha384-wKUEBwwsU/c+2PUZmzCyLvt4m6LPGfNU9B6Abjk9jteqpli8uWuFMHVvuMqIJvRA |
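
A build-time check for the script tags shown above, as an added example that is not part of the PaymentsOS documentation or SDK: it scans a page's HTML for scripts served from js.paymentsos.com and reports any that lack an integrity value, carry one that differs from the table on this page, or omit crossorigin. The helper names auditSri and attr and the sample HTML are constructed for illustration.

```javascript
// Pinned URL -> hash pairs, copied from the "SDK versions and their hashes" table.
const PINNED = {
  "https://js.paymentsos.com/v3.8.2/secure-fields-form.min.js":
    "sha384-VqS/y9R47AxcQWm0S6BFt/IBJ7xQDls0nOCneBipmvfUb4gNkiP+O36v0a11n/Lk",
  "https://js.paymentsos.com/tokenization/2.0.1/token.min.js":
    "sha384-2moEjRXRyx2XxOh3T9l+VWXvEPVyk/+cAy7XQniTqurd9CgF12g/2RnFMZg0x46b",
  "https://js.paymentsos.com/cvv/1.2.1/cvv-encryptor.min.js":
    "sha384-wKUEBwwsU/c+2PUZmzCyLvt4m6LPGfNU9B6Abjk9jteqpli8uWuFMHVvuMqIJvRA",
};
const SDK_ORIGIN = "https://js.paymentsos.com/";

// Read a quoted attribute value from the text between "<script" and ">".
function attr(attrs, name) {
  const m = new RegExp(`(?:^|\\s)${name}\\s*=\\s*(["'])(.*?)\\1`, "i").exec(attrs);
  return m ? m[2].trim() : null;
}

// auditSri (hypothetical helper): one finding per problem on a PaymentsOS <script> tag.
function auditSri(html) {
  const findings = [];
  for (const [, attrs] of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = attr(attrs, "src");
    if (!src || !src.startsWith(SDK_ORIGIN)) continue;
    const integrity = attr(attrs, "integrity");
    if (!(src in PINNED)) findings.push({ src, issue: "url-not-pinned" });
    else if (integrity === null) findings.push({ src, issue: "missing-integrity" });
    else if (integrity !== PINNED[src]) findings.push({ src, issue: "hash-mismatch" });
    // Without a crossorigin attribute the browser cannot verify a cross-origin
    // script and refuses to run it, so flag that as well.
    if (integrity !== null && !/(?:^|\s)crossorigin(?=[\s=]|$)/i.test(attrs))
      findings.push({ src, issue: "missing-crossorigin" });
  }
  return findings;
}

// Constructed sample page: tag 1 is correct, tags 2 and 3 are deliberately wrong.
const SAMPLE_HTML = `
<script src="https://js.paymentsos.com/v3.8.2/secure-fields-form.min.js"
  integrity="sha384-VqS/y9R47AxcQWm0S6BFt/IBJ7xQDls0nOCneBipmvfUb4gNkiP+O36v0a11n/Lk"
  crossorigin="anonymous"></script>
<script src="https://js.paymentsos.com/tokenization/2.0.1/token.min.js"></script>
<script src="https://js.paymentsos.com/cvv/1.2.1/cvv-encryptor.min.js"
  integrity="sha384-CONSTRUCTED-WRONG-VALUE"></script>`;

console.log(auditSri(SAMPLE_HTML));
```

Run it against rendered templates in CI so that a version bump that changes the URL but not the hash, or the reverse, fails the build before it reaches users.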
Last modified January 16, 2025