Retrieving SSN via the CAS API
If a CAS collects Social Security Numbers (SSNs) from applicants in the Applicant Portal, you can configure PGP encryption to securely retrieve the SSNs using the CAS API. You can use the same PGP key for multiple CASs. Your PGP key information automatically carries forward into future cycles.
CAS-Slate integrations should refer to the Delivering Social Security Numbers documentation, as Slate’s preferred delivery method relies on WebAdMIT.
Prerequisites
Install PGP Software
If you want to retrieve encrypted SSNs through the CAS API, you must first install a version of PGP (Pretty Good Privacy) software. This software creates a public and private key:
- The public key is used by Liaison to encrypt the SSN for you.
- The private key is retained by key contact(s) at your institution and is used to decrypt the SSN.
You should never share the private key with anyone outside of your institution. You may use any PGP encryption software. This software must be installed on at least one computer that you'll routinely use to decrypt the SSN. If your institution collects official GRE or TOEFL scores from ETS, you may already have PGP software, as this is the same method ETS uses to transmit scores to institutions.
Generate a PGP Private and Public Key Pair
Once you have installed the PGP software, you must generate a private and public key (i.e., "key pair").
When generating your key pair, use RSA with 2048 or 3072 bits. Additionally, include your email address in the configuration.
If you need assistance with using PGP software or creating a private and public key pairing, contact the PGP software vendor's customer support or your institution's IT support.
Export the Public Key to a File
After you create a public key, export that key into a text file with a .txt file extension.
Email the Public Key to the Client Support Specialist Team
Once you have the public key as a .txt file, email it to the Client Support Specialist team at apisupport@liaisonedu.com. Identify the CAS and cycle it can be used for.
Retrieve Encrypted SSN with the CAS API
Once the public key has been added to your CAS API account, use the GET Accounts Info endpoint (/v1/accounts/info) to retrieve the public key ID.
If using the on-demand pattern, in the GET Application Details by Program endpoint (/v1/applicationForms/{applicationFormId}/organizations/{organizationId}/programs/{programId}/applications/{applicationId}), add a header with the key X-API-PUBLICKEYID and your public key ID as the value.
If using subscriptions, add the public key ID as a response option in the body: publicKeyId=(Public Key ID).
See the CAS API technical documentation for more details.
Frequently Asked Questions
Question |
Answer |
---|---|
What is the trigger for the SSN to be included in the export? |
Encrypted SSNs via the CAS API will be included with each payload, regardless of status, including In Progress applications. |
How will the encrypted SSN appear in the payload? |
The encrypted SSN can be found in a dedicated object: personalInfo.otherInfo.socialSecurityNumber.encryptedSsn. |