JavaScript

Installation


Our JavaScript SDK is distributed from our CDN and can be loaded with a simple script tag. The SDK must be loaded directly from our CDN and cannot be bundled with your application or self hosted.

Using npm


You can also install Evervault via the @evervault/js package on npm. This package is a light wrapper which handles loading the SDK from our CDN and also provides TypeScript definitions.

Note: It is important to note that for PCI Compliance you must load the Evervault SDK directly from our CDN and cannot bundle it with your application. The loadEvervault function will always load the latest version of the Evervault SDK regardless of which version of @evervault/js you are using.

Asynchronous Loading


You can load the SDK asynchronously using the async attribute on the script tag to prevent blocking the loading of your page. However, it is important to note that you will need to wait for the SDK to load before making any API calls.

Usage


Once loaded, you can initialize the Evervault SDK with your Team and App ID found in the Evervault Dashboard.

Reference


Evervault


Creates an instance of the Evervault SDK using your Team and App ID.

Parameters

  • teamIdRequiredstring

    The ID of your Evervault team. This can be found inside of your team settings on the Evervault dashboard.

  • appIdRequiredstring

    The ID of your Evervault app. This can be found inside of your app settings on the Evervault dashboard.

encrypt


Encrypts data using Evervault Encryption. The encrypted data can be stored in your database or file storage as normal. Evervault Strings can be used across all of our products. Evervault File Encryption is currently in Beta, and files can only be decrypted with Relay.

Parameters

  • dataRequiredstring | Data | File | Blob

    The data to encrypt

decrypt


Decrypts data previously encrypted with an Evervault product or SDK.

The decrypt() function uses Client-Side Tokens. The token can be generated using our backend SDKs or through our REST API.

The payload must be the same payload that was used to create the token and expires in a maximum of 10 minutes depending on the expiry set when creating the token.

Parameters

  • clientSideTokenRequiredstring

    A Client-Side Token with permission to decrypt the given payload.

  • encryptedDataRequiredstring

    The encrypted data to decrypt.

ui.card


Initializes a Card component for Card Collection. The Card component makes it easy to collect and encrypt card data in a completely PCI-compliant environment.

Parameters

  • theme

    Allows you to completely customize the appearance of the component. See Custom Styling for more information.

  • iconsBoolean | Record<brand, string>

    If set to true, the component will display icons for the detected card brand. You can customize icons by passing an object with the brand as the key and src URL as the value.

  • autoFocusBoolean

    If set to true, the component will automatically focus when it mounts.

  • autoProgressBoolean

    If set to true, the component automatically moves focus to the next field when the current field is complete.

  • autoCompleteObject

    Controls browser autocomplete behavior per field.

  • acceptedBrandsstring[]

    Restricts the component to only accept the specified card brands. If not provided, all brands are accepted. Possible values are visa, mastercard, american-express, diners-club, discover, jcb, unionpay, maestro, elo, mir, hiper, hipercard, szep, uatp, rupay. Custom brands defined using customBrands are accepted regardless of this list.

  • customBrandsCustomBrand[]

    An array of custom card brand definitions created with brands.create. Custom brands are always accepted, even when acceptedBrands is set. See the custom card brands section for usage examples.

  • fieldsstring[]

    Allows you to configure the fields displayed in the component. Possible values are 'name', 'number', 'expiry', and 'cvc'. By default only 'number', 'expiry' and 'cvc' will be shown.

  • defaultValuesObject

    Sets default values for card fields on mount.

  • redactCVCBoolean

    Sets the type attribute of the CVC field to password in order to visually redact the CVC field..

  • allow3DigitAmexCVCBoolean

    If set to false, rejects 3-digit CVCs for American Express cards and requires a 4-digit CVC. Defaults to true.

  • colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • translationsObject

    Allows you to customize the text shown inside of the component.

  • validationObject

    Allows you to customize validation logic for the component.

card.mount


Mounts the component to a given DOM node.

card.on('change')


Subscribe to changes made to the component. The encrypted card details can be accessed from the payload passed to the callback. The change event will fire any time there is a state update in the component. This includes when the user types in a field, looses focus on a field, or when an error is displayed.

Callback Parameters

  • data.cardObject

    Information about the entered card, including meta data as well as the encrypted number aned CVC.

  • data.errorsRecord<string, string>

    Validation errors related to the card details.

  • data.isValidBoolean

    Whether or not there are any errors shown. Validation occurs as the user looses focus on a field. You can force validation to occur with the .validate method.

    Note: This field represents if there are any errors shown, not if the card details are valid. You should use the isComplete field to determine if the user has successfully entered a valid card.

  • data.isCompleteBoolean

    Whether or not the card details are valid. This will only be true if the user has entered a valid card number, expiry date and CVC.

card.on('complete')


The complete event will fire once the user has successfully filled out all fields in the Card Component with valid values.

Callback Parameters

  • data.cardObject

    Information about the entered card, including meta data as well as the encrypted number aned CVC.

  • data.errorsRecord<string, string>

    Validation errors related to the card details.

  • data.isValidBoolean

    Whether or not there are any errors shown. Validation occurs as the user looses focus on a field. You can force validation to occur with the .validate method.

    Note: This field represents if there are any errors shown, not if the card details are valid. You should use the isComplete field to determine if the user has successfully entered a valid card.

  • data.isCompleteBoolean

    Whether or not the card details are valid. This will only be true if the user has entered a valid card number, expiry date and CVC.

card.on('ready')


The ready event will be fired once the component has fully loaded and is ready to be displayed. This is often used to show a loading state while the component loads.

card.on('error')


The error event will be fired if the component fails to load. If you want to respond to validation errors you should use the change event instead.

card.on('swipe')


Subscribe to swipe events from card readers. The encrypted card details can be accessed from the payload passed to the callback. The component must have focus for the card reader event to be detected.

Callback Parameters

  • data.cardObject

    Information about the entered card, including meta data as well as the encrypted number aned CVC.

card.on('validate')


Fired when card.validate() is called. Use this to read the validation result after triggering programmatic validation.

Callback Parameters

  • data.cardObject

    Information about the card, including metadata, the encrypted number, and CVC.

  • data.isValidBoolean

    Whether all fields are currently valid.

  • data.isCompleteBoolean

    Whether all required fields are currently valid.

  • data.errorsRecord<string, string>

    Validation errors for each field.

card.on('focus')


Fired when a card field receives focus.

Callback Parameters

  • event.fieldstring

    The field that received focus. One of name, number, expiry, or cvc.

  • event.dataObject

    The current card payload at the time of the event. Same shape as the change event payload.

card.on('blur')


Fired when a card field loses focus.

Callback Parameters

  • event.fieldstring

    The field that lost focus. One of name, number, expiry, or cvc.

  • event.dataObject

    The current card payload at the time of the event.

card.on('keyup')


Fired on a key-up event within a card field.

Callback Parameters

  • event.fieldstring

    The active field. One of name, number, expiry, or cvc.

  • event.dataObject

    The current card payload at the time of the event.

card.on('keydown')


Fired on a key-down event within a card field.

Callback Parameters

  • event.fieldstring

    The active field. One of name, number, expiry, or cvc.

  • event.dataObject

    The current card payload at the time of the event.

card.update()


Update the configuration for the component after it has been initialized. Any arguments passed will be merged with the arguments passed when the component was initialized. This can be used to dynamically update the translations for the component, or update the styling.

Parameters

  • theme

    Allows you to completely customize the appearance of the component. See Custom Styling for more information.

  • iconsBoolean | Record<brand, string>

    If set to true, the component will display icons for the detected card brand. You can customize icons by passing an object with the brand as the key and src URL as the value.

  • autoFocusBoolean

    If set to true, the component will automatically focus when it mounts.

  • autoProgressBoolean

    If set to true, the component automatically moves focus to the next field when the current field is complete.

  • autoCompleteObject

    Controls browser autocomplete behavior per field.

  • acceptedBrandsstring[]

    Restricts the component to only accept the specified card brands. If not provided, all brands are accepted. Possible values are american-express, visa, mastercard, discover, jcb, diners-club, unionpay, maestro, mir, elo, hipercard, hiper, szep, uatp, rupay. Custom brands defined using customBrands are accepted regardless of this list.

  • customBrandsCustomBrand[]

    An array of custom card brand definitions created with brands.create. Custom brands are always accepted, even when acceptedBrands is set.

  • colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • fieldsstring[]

    Allows you to configure the fields displayed in the component. Possible values are 'name', 'number', 'expiry', and 'cvc'. By default only 'number', 'expiry' and 'cvc' will be shown.

  • defaultValuesObject

    Sets default values for card fields.

  • allow3DigitAmexCVCBoolean

    If set to false, rejects 3-digit CVCs for American Express cards and requires a 4-digit CVC. Defaults to true.

  • translationsObject

    Allows you to customize the text shown inside of the component.

  • validationObject

    Allows you to customize validation logic for the component.

card.validate()


Manually trigger validation for the card details fields. This method is useful if you want to force validation to display error messages inside of the component. This is an asynchronous operation and will not return an immediate result. You can use the validate event to listen for the result of calling this method.

card.unmount()


Removes the component from the DOM.

brands.create


Creates a custom card brand definition that can be passed to the customBrands option on ui.card. Use this to add support for card networks that aren't included in Evervault's built-in brand list.

Parameters

  • nameRequiredstring

    A unique identifier for the brand. This value is returned in the localBrands array of the card change payload.

  • optionsRequiredObject

    Configuration for the custom brand.

ui.pin


Initializes a component for collecting and encrypting PIN numbers in a PCI-compliant environment.

Parameters

  • theme

    Allows you to customize the component's appearance. See Custom Styling for more information.

  • colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • lengthnumber

    The number of PIN digits to collect. Defaults to 4, maximum 10.

  • autoFocusBoolean

    If set to true, the component automatically focuses when it mounts.

  • mode"numeric" | "alphanumeric"

    If set to "alphanumeric", the PIN field will accept letters as well as digits. Defaults to "numeric".

  • inputType"number" | "text" | "password"

    Sets the type attribute of the underlying input elements used to capture the PIN. Defaults to "number".

pin.mount()


Mounts the component to a given DOM node.

pin.on('change')


Fired whenever the PIN value changes.

Callback Parameters

  • data.valuestring | null

    The encrypted PIN value, or null if the field is empty.

  • data.isCompleteBoolean

    Whether the PIN field is complete.

pin.on('complete')


Fired when the user enters all PIN digits.

Callback Parameters

  • data.valuestring | null

    The encrypted PIN value.

  • data.isCompleteBoolean

    Whether the PIN field is complete.

pin.on('ready')


Fired when the component loads and is ready to be displayed.

pin.on('error')


Fired if the component fails to load.

pin.update()


Updates the component configuration after initialization. Any arguments passed are merged with the original options.

pin.unmount()


Removes the component from the DOM.

ui.threeDSecure


The ThreeDSecure component can be used in combination with the Evervault API to perform 3D Secure authentication. In order to use the ThreeDSecure component you must first create a 3D Secure session on your backend and pass it to your frontend. The component will display the 3D Secure iframe and handle the authentication process.

Parameters

  • sessionRequiredstring

    The 3D Secure session ID. A 3D Secure session can be created using the Create 3D Secure Session API endpoint.

  • options

    Configuration options for the ThreeDSecure component.

threeDSecure.mount()


Mounts the component to the DOM. If no selector is provided the component will be rendered as a modal window.

Parameters

  • selectorstring

    The selector of the DOM node to mount the component to. If no selector is provided the component will be rendered as a modal window.

threeDSecure.on('success')


The 'success' event will be fired once the 3D Secure authentication process has been completed successfully. You should use this event to trigger your backend to finalize the payment. Your backend can use the Retrieve 3DS Session endpoint to retrieve the cryptogram for the session and complete the payment.

Note: The component is automatically unmounted after the 'success' event is fired.

threeDSecure.on('failure')


The 'failure' event will be fired if the 3D Secure authentication process fails. You should use this event to handle the failure and inform the user and prompt them to try again.

Note: The component is automatically unmounted after the 'failure' event is fired.

threeDSecure.on('ready')


The ready event will be fired once the component has fully loaded and is ready to be displayed. This is often used to show a loading state while the component loads.

threeDSecure.on('error')


The error event will be fired if the component fails to load.

Callback Parameters

  • error.errorString

    A unique code representing the error that occurred.

  • error.messageString

    A human readable message describing the error.

threeDSecure.update()


Update the configuration for the component after it has been initialized. Any arguments passed will be merged with the arguments passed when the component was initialized.

Parameters

  • colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • theme

    Allows you to customize the appearance of the component. See Custom Styling for more information.

    Note: You can't customize the appearance of the iframe content itself. This is controlled by the card issuer.

  • size{ width: string, height: string }

    This size of the 3D Secure iframe. Card issuers are required to support content at 250x400, 390x400, 500x600, 600x400. The default size is 500x600.

  • failOnChallengeBoolean | () => Boolean | () => Promise<Boolean>

    If set to true, the component will fail 3DS authentication when a challenge is requested and no challenge will be shown. Alternatively, you can provide a function which will be called when a challenge is requested. If the function returns true 3DS authentication will fail, if it returns false the challenge will be shown.

threeDSecure.unmount()


Removes the component from the DOM.

ui.reveal


The Reveal component allows you to display previously encrypted card data to your users in plaintext in a secure iframe hosted by Evervault. Before using Reveal you'll first need to have a JSON endpoint to retrieve data from. This is often your own API endpoint combined with Relay to decrypt previously encrypted data from your database or a third-party API.

It is important that the endpoint that you create sets the applicable CORS headers so that it can be accessed from the Reveal iframe. Otherwise your requests will fail!

reveal.on("ready")


The ready event will be fired once the request has been completed and all reveal consumer components are ready to be shown.

reveal.on("error")


The error event will be fired if the Reveal Component fails to load or the passed request fails.

reveal.text()


Creates a Reveal Text consumer. The Reveal Text consumer allows you to render a selected field from the request response.

Parameters

  • pathRequiredstring

    The JSON path to the field you want to display.

  • options.colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • options.themeTheme

    Allows you to completely customize the appearance of the component. See Custom Styling for more information.

  • options.formatObject

    Allows you to use regex matching to format the field value.

text.mount()

Mounts the Reveal Text component to a given DOM node.

text.unmount()

Removes the Text Component from the DOM.

reveal.copyButton()


Creates a Reveal Copy Button consumer. This renders a button which when clicked will copy a response field to the users clipboard.

Parameters

  • pathRequiredstring

    The JSON path to the field you want to display.

  • options.textstring

    The text to display on the button.

  • options.iconstring

    A URL for an icon to display on the button.

  • options.colorSchemestring

    Allows you to set the root color-scheme for the iframe document. For a seamless transparent background, use the same color scheme as the parent document.

  • options.themeTheme

    Allows you to completely customize the appearance of the component. See Custom Styling for more information.

  • options.formatObject

    Allows you to use regex matching to format the field value.

copyButton.on("copy")

The copy event will be fired when the button is clicked and the value has been copied to the clipboard.

copyButton.mount()

Mounts the Reveal Copy Button component to a given DOM node.

copyButton.unmount()

Removes the Copy Button Component from the DOM.

transactions.create


Creates a transaction object that can be used with Apple Pay and Google Pay components.

Parameters

  • options.amountRequirednumber

    The transaction amount in smallest currency unit (e.g., cents).

  • options.currencyRequiredstring

    The three-letter ISO currency code.

  • options.countryRequiredstring

    The two-letter ISO country code.

  • options.merchantIdRequiredstring

    Your Evervault merchant ID.

  • options.typepayment | disbursement | recurring

    Specify the type of transaction. Disbursement requests are only available with Apple Pay. Default: payment.

  • options.lineItemsTransactionLineItem[]

    Optional array of line items to display in the payment sheet.

  • options.requiredRecipientDetailsstring[]

    Optional array of recipient details required for collection on a disbursement transaction. Possible values: name, email, phone, address.

  • options.merchantCapabilitiesstring[]

    Optional array of Apple Pay merchant capabilities for disbursement transactions. When omitted, defaults to supports3DS, and adds supportsInstantFundsOut when instantTransfer is set. Supported values: supports3DS, supportsEMV, supportsCredit, supportsDebit, supportsInstantFundsOut. On iOS the equivalent is the singular merchantCapability field on DisbursementTransaction.

  • options.managementURLstring

    URL for managing the recurring payment subscription. Required when type is recurring.

  • options.billingAgreementstring

    Description of the billing agreement shown to the user. Required when type is recurring.

  • options.descriptionstring

    Description of the recurring payment. Required when type is recurring.

  • options.regularBillingobject

    Billing details for the recurring charge. Required when type is recurring.

  • options.trialBillingobject

    Optional trial billing details for the recurring payment.

ui.applePay


Initializes an Apple Pay button that handles the payment flow and returns encrypted payment details.

In Sandbox apps, the encrypted networkToken.number maps to a test card that matches the brand of the card the customer selects in their Apple Wallet.

Parameters

  • transactionRequiredTransaction

    The transaction object created with transactions.create.

  • optionsRequiredObject

    Configuration options for the Apple Pay button.

The object passed to options.process includes metadata on card when present. Optional card.paymentMethodType is credit, debit, prepaid, or store when the wallet reports the funding type for the card the user selected. See the Apple Pay guide for how this relates to BIN-derived fields such as funding.

The paymentDataType field reflects the Apple token format returned by the credentials API (for example 3DSecure). The transactionType field indicates the transaction category: oneOff for one-time payments, recurring for subscriptions, or disbursement for fund-out flows.

applePay.mount()


Mounts the Apple Pay button to a given DOM node.

applePay.unmount()


Removes the Apple Pay button from the DOM. If an Apple Pay session is active, the sheet is dismissed first.

applePay.abort()


Programmatically dismisses the Apple Pay sheet while a session is in progress. This maps to the browser's PaymentRequest.abort() API. When the sheet closes, the cancel event is fired.

Use this when you need to close and reopen Apple Pay — for example, when a shipping address change requires a different currency. Currency cannot be updated mid-session via onShippingAddressChange; abort the session, update the transaction, and let the user open Apple Pay again.

abort() is a no-op when no session is in progress. After the user authorizes payment, use fail() in the process callback instead.

applePay.availability()


Checks whether Apple Pay is available on the current device. Returns a promise resolving to "available", "unavailable", or "unsupported".

applePay.on("ready")


Fired when the Apple Pay button is mounted and ready to be displayed.

applePay.on("success")


Fired when the payment has been successfully authorized.

applePay.on("error")


Fired if there's an error initializing the Apple Pay button.

applePay.on("cancel")


Fired when the user cancels the Apple Pay payment flow.

ui.googlePay


Initializes a Google Pay button that handles the payment flow and returns encrypted payment details.

Parameters

  • transactionRequiredTransaction

    The transaction object created with transactions.create.

  • optionsRequiredObject

    Configuration options for the Google Pay button.

The object passed to options.process includes metadata on card when present. Optional card.paymentMethodType matches Google Pay's funding source for the selected card when available. See the Google Pay guide.

googlePay.on("success")


Fired when the payment has been successfully authorized.

googlePay.on("error")


Fired if there's an error initializing the Google Pay button.

googlePay.on("cancel")


Fired when the user cancels the Google Pay payment flow.

googlePay.on("ready")


Fired when the Google Pay button is ready to be displayed.

Custom Styling


Some components in the SDK allow you to customize the appearance of the component using a theme object. A theme is just an object with a styles property. This styles property uses a CSS-as-JS format to define CSS rules for the component. These rules will be compiled to CSS and injected into the iframe.

Although you can customize the CSS inside of the iframe, you cannot modify the HTML. We know that layout can have a big impact on style definitions and so to help with this, we apply custom attributes to various elements within the iframe. These attributes are prefixed with ev-.

You can see our premade Card Collection themes for an example of how these attributes can be used when creating themes.

Responsive Styling


You can define media queries inside of the themes styles object, however, this may lead to unexpected behaviour as the media queries will be matched against the iframe document, not the parent document. To get around this, we provide a media utility which allows you to define styles based on media queries that match the parent document.

To access the media utility you will need to define your theme as a function that returns a theme object. This function will be passed a utilities object as an argument, which contains the media utility. The media utility should be spread into the styles object of the returned theme.