Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Encryption Mechanism:

The payload of the supported APIs is encrypted with the following method. We use AES-512 & RSA for encryption of the payload.

Summary of Steps:

1.) Take the valid JSON payload. an example is given below.

Sample Example:

{
	"api-version": "<1.0 or TEST>",
	"security-id": "<64 character alphanumeric>",
	"flow-id": "<8 character alphanumeric>",
	"calls": [
		{
			"client-identifier": "<identifier, callback parameter>",
			"start-time": "<ISO-8601 Format YYYY-MM-DDTHH:MM:SS+05:30",
			"contact-numbers": [
				"918000XXXXXX",
				"918100XXXXXX",
				"<Other Alternate Numbers>"
			],
			"keys": [
				{
					"name": "$flow.key.Name",
					"value": "JACOB"
				},
				{
					"name": "$flow.key.Language",
					"value": "English"
				},
				{
					// Other flow variables
				}
			]
		},
		{
			// 2nd Call to be place
		}
	]
}

2.) Encode the payload using Base64 encoding.

Use the following link to encode https://www.base64decode.org/

IHsKICAidmlzaXRvciI6ICI5MTk4Nzk1ODU3MDAiLAogICJjdXN0VG9rZW4iOiAidTFkOXowM2IiLAogICJkdXJhdGlvbiI6ICI5MDAiLAogICJzY2hlZHVsZWRfY2FsbGJhY2tfdGltZSI6ICIyMDIxLTAzLTI3IDEyOjAwOjAwIiwKICAidWRmNSI6ICJST1NTRSIsCiAgInVkZjciOiAiU0NIRU1FTkFNRVNXSVRDSCBJTiIsCiAgInVkZjExIjogInBhZ2U7Uk9TU0lEO0lOVkVTVE9STkFNRTtTQ0hFTUVOQU1FO0FNT1VOVDtVTklUUztFWElUTE9BREFNVDtPdGhlcmRldGFpbHM7Rm9saW8gY291bnQ7RGV0YWlscztSZWRlbXB0aW9uZm9saW9jb3VudDtTd2l0Y2hmb2xpb2NvdW50IiwKICAidWRmMTIiOiAiUmVhc29uO0ZPTElPTk87Q1JFQVRFRE9OIiwKfQ==

3.) Take a random string (ex: abcd1234) of up to 2048 characters to be used as the signature key, and encode this string also using Base64 encoding.

Random Key : test1234
Base64 Encoded:: dGVzdDEyMzQ=

Now, You have two encoded keys, first one is your Base64 encode JSON payload and the second one is your encode the random string.

4.) You will have to write your own code for AES Encryption of your Base64 encoded JSON payload and a random string. You can take reference from this link: https://howtodoinjava.com/java/java-security/java-aes-encryption-example/ to write your code. This step will give you the RequestEncryptedValue.

AES Encryption Data :

14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=

Note: Please use MessageDigest.getInstance("SHA-256");

5.) Download the public_key.key from the Edit Flow Section.

6.) Take your Base64 encoded random key and encrypt it with RSA Encryption using the Public Key obtained in the previous step. It will give you the RequestDigitalSignatureValue.

VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==

Note: Use public-key shared by phonon to encrypt key data.

7.) Send both “RequestEncryptedValue” and “RequestEncryptedValue” as parameters to the encrypted API.

In the end, the whole JSON Request will look like this :

{
"RequestEncryptedValue":"14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=",
"RequestDigitalSignatureValue":"VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==",

"flow-id": "ZH0RKJvh"
}

8. Response

You’ll be getting the general response that you get from either API.

{
  "api-response-code": 200,
  "api-response-message": "Success",
  "request-id": "367a25ec-065b-4ca7-a73f-70d1da818a22",
  "call-details": [
    {
      "client-identifier": "2021-05-17T05:47:30.536Z",
      "phonon-uuid": "6a79da04-cf07-4c42-973f-998ea3380708"
    }
  ]
}

  • No labels

This document has been developed by Phonon.io for the sole and exclusive use of the customer / prospective customer with whom this document is being shared. Further, this document has been provided by Phonon.io to the recipient in good faith and based on request from the recipient for the same. This document is a confidential document and contains confidential product technology, workflow and commercial details that are for the sole usage of the intended recipients of this document. Recipients are advised not to share this document with any third party that is not the intended recipient of this document and neither to bring this document in full or parts into the public domain. Any unauthorized access may be brought to Phonon.io’s notice immediately. Phonon.io is free to take any legal action it deems necessary against any person or entity that violates this confidentiality agreement. Phonon.io is bound and governed by the rules of the state of Gujarat in India. In case you are not in agreement with the terms set in this clause or are not an intended recipient of this document, please destroy the document and intimate us of the same at info@phonon.io.