May a user of our site give us their revolut PRODUCTION key to store in encrypted form in our DB, which they can decrypt in the browser and make calls to revolut to perform transactions?
So, to describe in a bit more detail:
- User registers at our site
- links their revolut account by giving us their PRODUCTION key encrypted by their password, say, using AES
- Wants to pay another user, key is decrypted by JS in browser and needed revolut API calls are performed to perform needed transactions
Any legal issues one can think of?