API Security

Data encryption is required in Scan2Pay transaction processes

Description

The original request data is encrypted with AES-128 and placed in the “Request” field of the JSON body. The AES key is encrypted with the RSA public key and placed in the “ApiKey” field of the same JSON body.

The encryption process is as follows:

Creating AES-128 Key

A 128-bit AES key is required for data transmission and is created on the user side.

To ensure data security, using a new AES key for every transaction is recommended.

Encrypting the Request by AES-KEY

AES encryption is required for data in JSON format.

AES encryption uses a 128-bit key in CBC mode; the IV is provided by intella.

Encrypting the AES-KEY by RSA Public Key

The RSA public key is provided by intella.

Processing a Transaction Request

The original request body, AES-encrypted and Base64-encoded, is placed in the ‘Request’ field. The AES key, RSA-encrypted and Base64-encoded, is placed in the ‘ApiKey’ field.

Sample:

{
    "Header":
    {
        "Method":"00000",
        "ServiceType":"OLPay",
        "MchId":"103543903790001",
        "TradeKey":"03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4",
        "CreateTime": "20180313120000"
    },
    "Data":"{\"TimeExpire\":\"201803121000\", \"StoreOrderNo\": \"skb0001\",\"Body\": \"Milk Tea\",\"TotalFee\": \"35\",\"FeeType\": \"TWD\",\"Detail\": \"商品細節\",\"StoreInfo\": \"Intella0001\",\"Token\": \"QWERTYUIOPASDFGHJKLZXCVBNM123456\"}"
}

The actual processed JSON Request body looks like the following:

{
    "Request":"Y7mg/9WbP6FPVkYew5dRRuxtjH7OOR6NJWakEj/kwqZ56AjjQzJAV.....TtOGcm",
    "ApiKey":"unhqcdoY9l6yLf....."
}

The Decrypted Result of the Response

The response data format is as follows:

{
    "Response":"WCTG0AI44/Ju/AEM6F.....UPLqHMDuI"
}

The Response field contains Base64-encoded, AES-encrypted data. Use the same AES key you used for encrypting the original request body to decrypt the Response field and recover the original response content (which is in JSON format).
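The request and response steps above, end to end, as an added Go example (not intella's own code). The function names `Seal` and `Open` are hypothetical, and the page does not state the padding schemes, so PKCS#7 padding for AES-CBC and PKCS#1 v1.5 padding for RSA are assumptions; `demoKey` is a constructed throwaway key pair standing in for intella's public key, and the IV is passed in by the caller.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"errors"
)

// demoKey is a constructed throwaway key pair; intella supplies the real public key.
var demoKey, _ = rsa.GenerateKey(rand.Reader, 2048)

// Seal encrypts body with a fresh AES-128-CBC key (PKCS#7 assumed), wraps that key
// with RSA (PKCS#1 v1.5 assumed) and returns the envelope JSON plus the AES key.
func Seal(body, iv []byte, pub *rsa.PublicKey) ([]byte, []byte, error) {
	key := make([]byte, 16) // new AES-128 key for every transaction
	if _, err := rand.Read(key); err != nil || len(iv) != aes.BlockSize {
		return nil, nil, errors.New("no randomness, or IV is not 16 bytes")
	}
	block, _ := aes.NewCipher(key) // cannot fail: key is exactly 16 bytes
	pad := aes.BlockSize - len(body)%aes.BlockSize
	buf := append(append([]byte{}, body...), bytes.Repeat([]byte{byte(pad)}, pad)...)
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(buf, buf)
	wrapped, err := rsa.EncryptPKCS1v15(rand.Reader, pub, key)
	if err != nil {
		return nil, nil, err
	}
	enc := base64.StdEncoding.EncodeToString
	out, err := json.Marshal(map[string]string{"Request": enc(buf), "ApiKey": enc(wrapped)})
	return out, key, err
}

// Open decrypts a Base64 "Response" value with the AES key returned by Seal.
func Open(response string, key, iv []byte) ([]byte, error) {
	ct, err := base64.StdEncoding.DecodeString(response)
	block, kerr := aes.NewCipher(key)
	if err != nil || kerr != nil || len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("bad Base64, key, IV or ciphertext length")
	}
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(ct, ct)
	pad := int(ct[len(ct)-1])
	if pad < 1 || pad > aes.BlockSize || !bytes.HasSuffix(ct, bytes.Repeat(ct[len(ct)-1:], pad)) {
		return nil, errors.New("bad padding")
	}
	return ct[:len(ct)-pad], nil
}
```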
