Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Encryption Mechanism:

The payload of the supported APIs is encrypted with the following method. We use AES-512 & RSA for encryption of the payload.

Summary of Steps:

1.) Take the valid JSON payload. an example is given below.

Sample Example:

{
	"api-version": "<1.0 or TEST>",
	"security-id": "<64 character alphanumeric>",
	"flow-id": "<8 character alphanumeric>",
	"calls": [
		{
			"client-identifier": "<identifier, callback parameter>",
			"start-time": "<ISO-8601 Format YYYY-MM-DDTHH:MM:SS+05:30",
			"contact-numbers": [
				"918000XXXXXX",
				"918100XXXXXX",
				"<Other Alternate Numbers>"
			],
			"keys": [
				{
					"name": "$flow.key.Name",
					"value": "JACOB"
				},
				{
					"name": "$flow.key.Language",
					"value": "English"
				},
				{
					// Other flow variables
				}
			]
		},
		{
			// 2nd Call to be place
		}
	]
}

2.) Encode the payload using Base64 encoding.

Use the following link to encode https://www.base64encode.org/

IHsKICAidmlzaXRvciI6ICI5MTk4Nzk1ODU3MDAiLAogICJjdXN0VG9rZW4iOiAidTFkOXowM2IiLAogICJkdXJhdGlvbiI6ICI5MDAiLAogICJzY2hlZHVsZWRfY2FsbGJhY2tfdGltZSI6ICIyMDIxLTAzLTI3IDEyOjAwOjAwIiwKICAidWRmNSI6ICJST1NTRSIsCiAgInVkZjciOiAiU0NIRU1FTkFNRVNXSVRDSCBJTiIsCiAgInVkZjExIjogInBhZ2U7Uk9TU0lEO0lOVkVTVE9STkFNRTtTQ0hFTUVOQU1FO0FNT1VOVDtVTklUUztFWElUTE9BREFNVDtPdGhlcmRldGFpbHM7Rm9saW8gY291bnQ7RGV0YWlscztSZWRlbXB0aW9uZm9saW9jb3VudDtTd2l0Y2hmb2xpb2NvdW50IiwKICAidWRmMTIiOiAiUmVhc29uO0ZPTElPTk87Q1JFQVRFRE9OIiwKfQ==

3.) Take a random string (ex: abcd1234) of up to 2048 characters to be used as the signature key, and encode this string also using Base64 encoding.

Random Key : test1234
Base64 Encoded:: dGVzdDEyMzQ=

Now, You have two encoded values, the first one is your Base64 encode JSON payload and the second one is your encoded random string.

4.) You will have to write your own code for AES Encryption of your Base64 encoded JSON payload and a random string. For AES Encryption you can refer to the link below to write your code.

This step will give you the RequestEncryptedValue i.e AES Encryption Data.

AES Encryption Data :

14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=

Please use MessageDigest.getInstance("SHA-256")

For AES encryption you can take reference from the given link :

https://howtodoinjava.com/java/java-security/java-aes-encryption-example/

5.) Download the public_key.key from the Edit Flow Section.

6.) Take your Base64 encoded random key and encrypt it with RSA Encryption using the Public Key obtained in the previous step. It will give you the RequestDigitalSignatureValue i.e RSA Encryption Data.

RSA Encryption Data :

VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==

For RSA encryption you can take reference from the given link :

https://www.javainterviewpoint.com/rsa-encryption-and-decryption/

Use public-key shared by phonon to encrypt key data.

7.) Send both “RequestEncryptedValue” and “RequestDigitalSignatureValueas parameters to the encrypted API.

In the end, the whole JSON Request will look like this :

{
"RequestEncryptedValue":"14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=",
"RequestDigitalSignatureValue":"VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==",

"flow-id": "ZH0RKJvh"
}

8. Response

You’ll be getting the general response that you get from either API.

{
  "api-response-code": 200,
  "api-response-message": "Success",
  "request-id": "367a25ec-065b-4ca7-a73f-70d1da818a22",
  "call-details": [
    {
      "client-identifier": "2021-05-17T05:47:30.536Z",
      "phonon-uuid": "6a79da04-cf07-4c42-973f-998ea3380708"
    }
  ]
}

  • No labels