Encryption
All server-to-server data should be encrypted using AES-256-CBC with HMAC. The pseudocode for encryption is given below:
Input: plain_text
Input: api_secret
iv = generated random 16 byte
enc_text = Encrypt plain_text Using AES-256-CBC, api_secret & iv
b_iv = Base64 Encode iv
concat_string = b_iv + enc_text [Concat string]
mac = Generate SHA256 Hash of concat_string using api_secret [HMAC]
data_array = array of iv, enc_text, mac
json_string = Convert data_array into Json String
final_encrypted_text = Base64 Encode json_string

PHP Example

function encrypt($text, $key) {
    // Fresh random 16-byte IV for every message
    $iv = random_bytes(16);
    // Option 0 makes openssl_encrypt() return Base64-encoded ciphertext
    $value = openssl_encrypt(serialize($text), 'AES-256-CBC', $key, 0, $iv);
    $bIv = base64_encode($iv);
    // HMAC-SHA256 over Base64(iv) . ciphertext, keyed with the API secret
    $mac = hash_hmac('sha256', $bIv.$value, $key);
    $c_arr = ['iv' => $bIv, 'value' => $value, 'mac' => $mac];
    $json = json_encode($c_arr);
    $crypted = base64_encode($json);
    return $crypted;
}
Encryption should be done using the API Secret Key.
Note: Do not transfer or send this API Secret Key in any request. For security reasons, do not share the API Secret Key with anyone.
Last modified 1yr ago