API Security

Data encryption is required in Scan2Pay transaction processes

Last updated 6 years ago

Description

The original request data is encrypted with AES-128 and placed in the “Request” field of the JSON body. The AES key is encrypted with the RSA public key and placed in the “ApiKey” field of the JSON body.

The encryption process is as follows:

Creating AES-128 Key

AES 128-bit encryption is required for data transmission, and the AES key is created on the user side.

To ensure data security, using a new AES key for every transaction is recommended.

Encrypting the Request by AES-KEY

AES encryption is required for data in JSON format.

AES encryption uses a 128-bit key in CBC mode; the IV is provided by intella.

Encrypting the AES-KEY by RSA Public Key

The RSA public key is provided by intella.

Processing a Transaction Request

The original request body, which is encrypted by AES and Base64-encoded, is placed in the ‘Request’ field. The AES key, which is encrypted by RSA and Base64-encoded, is placed in the ‘ApiKey’ field.

Sample:

{
    "Header":
    {
        "Method":"00000",
        "ServiceType":"OLPay",
        "MchId":"103543903790001",
        "TradeKey":"03ac674216f3e15c761ee1a5e255f067953623c8b388b4459e13f978d7c846f4",
        "CreateTime": "20180313120000"
    },
    "Data":"{\"TimeExpire\":\"201803121000\", \"StoreOrderNo\": \"skb0001\",\"Body\": \"Milk Tea\",\"TotalFee\": \"35\",\"FeeType\": \"TWD\",\"Detail\": \"商品細節\",\"StoreInfo\": \"Intella0001\",\"Token\": \"QWERTYUIOPASDFGHJKLZXCVBNM123456\"}"
}

The actual processed JSON Request body looks like the following:

{
    "Request":"Y7mg/9WbP6FPVkYew5dRRuxtjH7OOR6NJWakEj/kwqZ56AjjQzJAV.....TtOGcm",
    "ApiKey":"unhqcdoY9l6yLf....."
}

The Decrypted Result of the Response

The response data format is as below:

{
    "Response":"WCTG0AI44/Ju/AEM6F.....UPLqHMDuI"
}

The ‘Response’ field contains Base64-encoded, AES-encrypted data. To get the original response content (which is in JSON format), decrypt the ‘Response’ field with the same AES key you used to encrypt the original request body.
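
The whole flow above (fresh AES-128 key, AES-CBC encryption of the JSON body, RSA encryption of the key, and decryption of the response) as an added Node.js example; it is not code from the Scan2Pay documentation or SDK. Assumptions not stated on the page: PKCS#7 padding for AES, RSA-OAEP over the raw 16 key bytes, a placeholder IV, and a locally generated RSA key pair standing in for intella's key so the example runs offline.

```javascript
const nodeCrypto = require('crypto');

// Constructed placeholder: the real 16-byte IV is issued by intella.
const SAMPLE_IV = Buffer.from('0123456789abcdef', 'utf8');

// Build the {Request, ApiKey} body for one transaction. The AES key is
// returned too, because the response is decrypted with the same key.
function buildEnvelope(payload, rsaPublicKeyPem, iv) {
  if (iv.length !== 16) throw new Error('AES-CBC IV must be 16 bytes');
  const aesKey = nodeCrypto.randomBytes(16); // fresh AES-128 key per transaction
  const cipher = nodeCrypto.createCipheriv('aes-128-cbc', aesKey, iv);
  const request = Buffer.concat([
    cipher.update(JSON.stringify(payload), 'utf8'),
    cipher.final(), // applies PKCS#7 padding (assumption)
  ]);
  // Assumption: raw key bytes, RSA-OAEP (Node's default padding).
  const apiKey = nodeCrypto.publicEncrypt(rsaPublicKeyPem, aesKey);
  return {
    aesKey,
    body: { Request: request.toString('base64'), ApiKey: apiKey.toString('base64') },
  };
}

// Decrypt the Base64 "Response" field with the AES key of the same transaction.
function decryptResponse(responseBody, aesKey, iv) {
  const decipher = nodeCrypto.createDecipheriv('aes-128-cbc', aesKey, iv);
  const plain = Buffer.concat([
    decipher.update(Buffer.from(responseBody.Response, 'base64')),
    decipher.final(), // throws on bad padding, e.g. wrong key or IV
  ]);
  return JSON.parse(plain.toString('utf8'));
}

// Stand-in for the server side, only so the example runs offline:
// a locally generated key pair replaces intella's real RSA key.
function demoRoundTrip() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
  const payload = { Header: { Method: '00000', ServiceType: 'OLPay' }, Data: '{"TotalFee":"35"}' };
  const { aesKey, body } = buildEnvelope(payload, publicKey, SAMPLE_IV);
  // "Server": recover the AES key from ApiKey, then decrypt the request with it.
  const serverKey = nodeCrypto.privateDecrypt(privateKey, Buffer.from(body.ApiKey, 'base64'));
  const received = decryptResponse({ Response: body.Request }, serverKey, SAMPLE_IV);
  return { keysMatch: serverKey.equals(aesKey), received, body };
}
```

Because the IV is fixed by the provider, the per-transaction key is what keeps two identical requests from producing identical ciphertext, which is why the key must not be reused.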