API Security
Data encryption is required in Scan2Pay transaction processes
Last updated
Was this helpful?
Data encryption is required in Scan2Pay transaction processes
Last updated
Was this helpful?
Original Request data is encrypted by AES-128 and placed in “Request” field with JSON format. The AES key is encrypted by RSA public key and placed in “ApiKey” field with JSON format.
Encryption Process is as follows: -
AES 128-bit encryption is required in data transmission and is created on the user side.
To ensure the data security, use a new AES Key for every transaction is recommended.
AES encryption is required for data in JSON format.
AES encryption adopts 128-bit key, CBC mode, and the IV is provided by intella.
RSA Public Key is provided by intella.
The original request body, which is encrypted by AES and based64-encoded, is placed in the ‘Request’ field. The AES key, which is encrypted by RSA and based64-encoded, is placed in the ‘ApiKey’ field.
Sample:
The actual processed JSON Request body looks like the following:
The response data format as below :
The data of the response field is Base64-encoded AES encryption data. Use the same AES key you used for encrypting the original request body to decrypt the response field in order to get the original response content (which is in JSON format).
