Skip to main content

Retrieving SSN via the CAS API

If a CAS collects Social Security Numbers (SSNs) from applicants in the Applicant Portal, you can configure PGP encryption to securely retrieve the SSNs using the CAS API. You can use the same PGP key for multiple CASs. Your PGP key information automatically carries forward into future cycles.

CAS-Slate integrations should refer to the Delivering Social Security Numbers documentation, as Slate’s preferred delivery method relies on WebAdMIT.


Install PGP Software

If you want to retrieve encrypted SSNs through the CAS API, you must first install a version of PGP (Pretty Good Privacy) software. This software creates a public and private key:

  • The public key is used by Liaison to encrypt the SSN for you.
  • The private key is retained by key contact(s) at your institution and is used to decrypt the SSN.

You should never share the private key with anyone outside of your institution. You may use any PGP encryption software. This software must be installed on at least one computer that you'll routinely use to decrypt the SSN. If your institution collects official GRE or TOEFL scores from ETS, you may already have PGP software, as this is the same method ETS uses to transmit scores to institutions.

Generate a PGP Private and Public Key Pair

Once you have installed the PGP software, you must generate a private and public key (i.e., "key pair").

When generating your key pair, use RSA with 2048 or 3072 bits. Additionally, include your email address in the configuration.

If you need assistance with using PGP software or creating a private and public key pairing, contact the PGP software vendor's customer support or your institution's IT support.

Export the Public Key to a File

After you create a public key, export that key into a text file with a .txt file extension.

Email the Public Key to the Client Support Specialist Team

Once you have the public key as a .txt file, email it to the Client Support Specialist team at Identify the CAS and cycle it can be used for.

Retrieve Encrypted SSN with the CAS API

Once the public key has been added to your CAS API account, use the GET Accounts Info endpoint (/v1/accounts/info) to retrieve the public key ID.

If using the on-demand pattern, in the GET Application Details by Program endpoint (/v1/applicationForms/{applicationFormId}/organizations/{organizationId}/programs/{programId}/applications/{applicationId}), add a header with the key X-API-PUBLICKEYID and your public key ID as the value.

If using subscriptions, add the public key ID as a response option in the body: publicKeyId=(Public Key ID).

See the CAS API technical documentation for more details.

Frequently Asked Questions



What is the trigger for the SSN to be included in the export?

Encrypted SSNs via the CAS API will be included with each payload, regardless of status, including In Progress applications.

How will the encrypted SSN appear in the payload?

The encrypted SSN can be found in a dedicated object: personalInfo.otherInfo.socialSecurityNumber.encryptedSsn.
The SSN will be the only encrypted data. The rest of the payload will be unaffected.

  • Was this article helpful?