Using Encryption in CentralAPIs

Owned by Abhinandan Shah (Deactivated)
Last updated: Dec 08, 2021 by Parin Shah
2 min read

This document list down the encrypted API mechanism that are available for the listed APIs. This only covers the encryption method applied on the payload. For payload details, refer to each API’s documentation.

This is a tentative Work-In-Progress document available for internal use only. Any part of the document can change over time. Please refer to this document only once this warning is removed.

Which APIs are supported for encryption?

Product

Plaintext API Endpoint

Encrypted API Endpoint

API Doc

Product

Plaintext API Endpoint

Encrypted API Endpoint

API Doc

Outbound Multicast

https://central.phonon.io/kairos-apis/outbound/create

https://central.phonon.io/kairos-apis/enc/outbound/create

Outbound Multicast API Documentation

Outbound Dialler

https://central.phonon.io/kairos-apis/outbounddialer/create

https://central.phonon.io/kairos-apis/enc/outbounddialer/create

Outbound Dialer API Documentation

Encryption Mechanism:

The payload of the supported APIs are encrypted with the following method. We use AES-512 & RSA for encryption of payload.

Summary of Steps:

  1. Download the Public Key (public_key.pem) file from “Edit Flow” section.

  2. Take the valid JSON payload of the API which needs to be passed. Let’s call it “payload”

  3. Encode the payload using Base64 encoding. Let’s call the result “payload-B64”.

  4. Generate a random string of upto 2048 characters to be used as the signature key

  5. Encode that with Base64 encoding. Let’s call it “signatureKey-B64

  6. Use AES-512/ECB/PKCS5Padding encryption method to encrypt “payload-B64” with “signatureKey-B64”. Let’s call the result “payload-B64-AES”.

  7. Encrypt the encoded signature key with RSA Encryption using the Public Key obtained on step 1. Let’s call it “signatureKey-B64-RSA”.

  8. Send both “payload-B64-AES” and “signatureKey-B64-RSA” as parameters to the encrypted API.

Sample Example:

1. Original Sample Request Data :

{ "api-version": "1.0", "security-id": "f534794a88b87200f1fd7c6af0c09ffcf9a4abf465c09a957c22c22b00ce2221", "flow-id": "BTFpAuqF", "calls": [ { "client-identifier": "{% now 'iso-8601', '' %}", "start-time": "{% now 'iso-8601', '' %}", "contact-numbers": [ "6262772728" ], "keys": [ { "name": "$flow.key.customername", "value": "Parin" }, { "name": "$flow.key.product", "value": "Health" } ] } ] }

2. Base64 Encoded String :


IHsKICAidmlzaXRvciI6ICI5MTk4Nzk1ODU3MDAiLAogICJjdXN0VG9rZW4iOiAidTFkOXowM2IiLAogICJkdXJhdGlvbiI6ICI5MDAiLAogICJzY2hlZHVsZWRfY2FsbGJhY2tfdGltZSI6ICIyMDIxLTAzLTI3IDEyOjAwOjAwIiwKICAidWRmNSI6ICJST1NTRSIsCiAgInVkZjciOiAiU0NIRU1FTkFNRVNXSVRDSCBJTiIsCiAgInVkZjExIjogInBhZ2U7Uk9TU0lEO0lOVkVTVE9STkFNRTtTQ0hFTUVOQU1FO0FNT1VOVDtVTklUUztFWElUTE9BREFNVDtPdGhlcmRldGFpbHM7Rm9saW8gY291bnQ7RGV0YWlscztSZWRlbXB0aW9uZm9saW9jb3VudDtTd2l0Y2hmb2xpb2NvdW50IiwKICAidWRmMTIiOiAiUmVhc29uO0ZPTElPTk87Q1JFQVRFRE9OIiwKfQ==

3. Generate a random string for encryption as symmetric and encode it with Base64 Encoding


Random Key : test1234
Base64 Encoded:: dGVzdDEyMzQ=

4. Symmetric Key encryption of data from Point 2 & 3 – Algorithm : AES/ECB/PKCS5Padding


AES Encryption Data :

14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=

5. RSA Encryption For Base64 encoded random Key :

 

VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==

 

6. Final Encrypted JSON Request -

In the end the whole JSON Request will look like this :

{
"RequestEncryptedValue":"14nZnSU51sms3Lhu60/9cuUAMsEwWIqxhj68zWWc70adIHDrS6Ad4csvQ/1X/x8EkwhKKJITcbXEv1GEFpp0mJ7a1a77LfHHUDAqRrhM7J2V38D66emu6BzDouVLf+OjZLYgl81Fi+lXLDHV3/Oc3c/w01bpM3CCQWt+kOuE8C1W8UEa6F1E5QfVwzE7EFy8U8tMvjj0twphvOKOXC0pSVWkIoUUUZiRsLRnvwZlby7GRazBLmC6rYXaY834ge2+Nsb84beI9OxIz/PDF5qUA1opYD4eLTvc1o2qr8Igu5ZlmBuqs0VQTOyntlVFjhFFSZPVCgacrbO33lnz9XP0CEUjKiV/hhfMmJrkbCfHJ8+eLyMygJE/9Abi2PPyhCql2N8/TPNH3TiTPS9z6pBkaL98BB+6YoFL6hKnt+euYjjtO5H12Ys9fh+BhPCNW9qIW+qAn1K/N6pQZnXESLtVxieK41RWSEZxP+K6IQLO56+ieFBpQ80Fyif3S18bwcZxNca5GHllagWRXg+/AhC/5ZUnc5mLtctvMLTpl8Fv+YWfHg7/qKjhIRXF7wFDodYJZFbJrBsTaF1fZPprq4PNXq7KlgoEtWnbM9oByFVLJkuHHvKzmRVWMBoJGaTS84CffqnBLKCmqvPLwepAwBAPpthWXddFjJkd8QGpZc1xIto=",
"RequestDigitalSignatureValue":"VZATnCid3xMId80c4NVx365ubTYEEOE7y/3/sEjgKpWHyVsZmtuTuLC8ohdgunFmT8SsAYZtGydhKH9LJG6PwmYBCb+DNxdXnZ3Vrg+V+m/uA0tFp1CarEr5J5fMqN5fO9Qyb82JKk5ZamVmv0NRlMXxBi7S1hT0b85ZrpKaIX2OP6rYnDVeXDwIObj1XzvUna+sidbkHNeFJ+/m7xJONOof8Mv2FtAh65JWW/mdUzRbFCv/lBNHO7P6j6E1wNAE8UUgR7WrPusYlaw0S76yGo5p2r+mlG5/hZZMVU3ZUJvm4rP++tiZFuz1mpGjm4g2eUv6ugJ7fPyKSiFySNgX7g==",
}

7. Response

You’ll be getting the general response that you get from either API.

{ "api-response-code": 200, "api-response-message": "Success", "request-id": "367a25ec-065b-4ca7-a73f-70d1da818a22", "call-details": [ { "client-identifier": "2021-05-17T05:47:30.536Z", "phonon-uuid": "6a79da04-cf07-4c42-973f-998ea3380708" } ] }

Open Questions:

 

 

 

 

 

 

 

 

 

 

 

 

 

This document has been developed by Phonon.io for the sole and exclusive use of the customer / prospective customer with whom this document is being shared. Further, this document has been provided by Phonon.io to the recipient in good faith and based on request from the recipient for the same. This document is a confidential document and contains confidential product technology, workflow and commercial details that are for the sole usage of the intended recipients of this document. Recipients are advised not to share this document with any third party that is not the intended recipient of this document and neither to bring this document in full or parts into the public domain. Any unauthorized access may be brought to Phonon.io’s notice immediately. Phonon.io is free to take any legal action it deems necessary against any person or entity that violates this confidentiality agreement. Phonon.io is bound and governed by the rules of the state of Gujarat in India. In case you are not in agreement with the terms set in this clause or are not an intended recipient of this document, please destroy the document and intimate us of the same at info@phonon.io.