Trying to encrypt the FLE and making request for Universal card enrollment.

Solved! Go to solution
amodarling
New Contributor

Trying to encrypt the FLE and making request for Universal card enrollment.

Hi ,

I am trying for encrypt the FLE and trying to make the request for universal card enrollment create Customer .
there is no doc information where i can get weather there is issue in my header sending "Key ID" or in my encryption  and what is keyid and secrets to encrypt my data .
I am sending my request using this header . I also tried header name as well .

 

request.Headers.Add("kid", "<Key-Id Here>");

 

From here i am getting the key-id which i am using here .

keyid.png

 I dont know about the shared secret here . I tried the Shared secret which i get from the X-Pay-Token and i also tried the server encryption Certificate from Encryption/Decryption but same error for both cases .

How i am encrypting this in c# code is below .

 

public string EncryptFLE(string message)
        {

            // Step 1: Get Plain Text Payload
            string plainTextPayload = message;

            // Step 2: Construct JOSE Header Object
            var joseHeader = new
            {
                alg = "RSA-OAEP-256",
                enc = "A128GCM",
                kid = "<key-id here>",
                iat = DateTimeOffset.Now.ToUnixTimeMilliseconds()
            };

            // Step 3: Convert JOSE Header to JSON string
            string joseHeaderJson = JsonConvert.SerializeObject(joseHeader);

            // Step 4: Construct JWE Object
            var jweObject = new
            {
                header = joseHeaderJson,
                payload = plainTextPayload
            };

            // Step 5: Convert JWE Object to JSON string
            string jweObjectJson = JsonConvert.SerializeObject(jweObject);

            // Step 6: Get  Key (Server Encryption Certificate) as an X.509 certificate
            string fleServerPublicCertificate = "D:\\cert.pem";
            X509Certificate2 certificate = new X509Certificate2(fleServerPublicCertificate);

            // Step 7: Encrypt the JWE Object using the MLE Public Key
            string encryptedJwe = EncryptJwe(jweObjectJson, certificate);

            // Step 9: Return the Encrypted String
            
            return encryptedJwe;
        }

 

After the Request I made received below error .

 

{"errorResponse":{"status":400,"reason":"invalidParameter","message":"Invalid input parameter(s)","details":[{"location":"encMobileNumber","message":"Failed to parse/decrypt the value provided."},{"location":"encEmailAddress","message":"Failed to parse/decrypt the value provided."},{"location":"encAddress","message":"Failed to parse/decrypt the value provided."}]}}

 

I also tried many Solutions from community as well . but Error still persist. 

 

9 REPLIES 9
cathy2981
Community Moderator

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Thank you for reaching out, @amodarling ! An agent is looking for a solution for you and will get back with you shortly! If any community members know a solution, please feel free to respond in this thread. - Cathy

amodarling
New Contributor

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Can anyone please tell me which keys need for the encryption of Field level encryption ,

as per document Encrypt the value in the fields using “Key ID” and "shared secret"

I also used these two but same error . so i need the detail which key i need to use for the field level encryption .

Regards .

API_Products
Visa Developer Support Specialist

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Hi @amodarling,

 

Please refer to the answer I posted in this forum post here: https://community.developer.visa.com/t5/Implementation-API-Sample-Code/Field-Level-Encryption-univer... 

 

After clicking the link above, you'll want to refer to the attached Encryption Certificate and KID for encrypting the card object. Card Object details can be retrieved from the API Reference page.

 

Please also refer to the test data, along with the certificate that is attached to the forum post in the URL link above.




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

amodarling
New Contributor

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Not working for my issue . I am using universal/core/card API for create customer . After this i will use the enroll card Api's .
I have Visa public key for SBX 2.0 for encryption . what is the key id i need to use for FLE. First i create the customer and then assign the card to the customer as per doc here "https://developer.visa.com/capabilities/visa-in-app-provisioning/docs-authentication".
Please just guide me what is the key id here . I have also tried your provided sbx key and key id but same error .
Regards
API_Products
Visa Developer Support Specialist

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Hi @amodarling,

 

Please try this KID.

 

Q2AY3V5E3ICNBUU66D8K11hBmzqdXSvTiNzZ-YnpozWRXTo50

KID – To be used in JWE Header

 

Here's some additional info: https://developer.visa.com/capabilities/visa-in-app-provisioning/docs-authentication  




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

amodarling
New Contributor

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

I have tried with this keyid as well but same error. what other i have tried already is :
-keyid with shareSecrets of my app credentials .
-keyid with the encryption sbx file you provided in other answer link. I used it as a shared secret.
-keyid with my Encryption sbx file
Also i tried all of these scenarios with my account key-id . all shows the same error . Can you please tell me if the key id is this you provided what will be the shared secret if not the sbx file ?
API_Products
Visa Developer Support Specialist

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Hi @amodarling,

 

For further troubleshooting of the error, please provide the following information: 

1. End Point
2. Request Header
3. Request Body
4. Response Header (include the x-correlation-id)
5. Response Body

Using SoapUI, you can find the x-correlation-id in the Raw Tab of the response header.

 




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.

amodarling
New Contributor

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Hello @API_Products 

Endpoint  :- "https://sandbox.api.visa.com/universal/core/customers?apikey=<Api key>"

Request Header are :- 

 

x-pay-token: xv2:1689583323:4d891100cc9be38747848940fe19f0fe06bb9d6bf147d7993825462267a1f05a
kid: 3447d14e-58d3-428d-9ab4-233af71db6a4
ex-correlation-id: OKMNN8SLWIAO_SC
traceparent: 00-aa50e9b420ee525da29d1edda36f0296-d1d272379268b3a8-00

 

Request Body

 

{"lastName":"Narayanan","firstName":"Shankara Child","encMobileNumber":"WRtSYhap8FrW4n15gPuaZ06J9JcfW1NnP4dQQZ+pihvOwZmp1bGe","locale":"en_US","encEmailAddress":"Fshdlfwyg7p042DFMNN0q3n9PXDvDxl7jutMPvJszXvFb4gOLGpytSoGIX6Lxc4p","encAddress":"tiKTAwB2LBNI/5sQeP2jycyNM+8G16IPkGl6GHqucg=="}

 

Response Header

 

Server: nginx
Date: Mon, 17 Jul 2023 08:43:14 GMT
Connection: keep-alive
X-SERVED-BY: -5d6d7f4
X-CORRELATION-ID: 1689583393_969_670553379_-5d6d7f4_VDP_WS
X-ERROR-ORIGIN: 9900
X-APP-STATUS: 400
Cache-Control: no-store, must-revalidate, no-cache
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubdomains
Pragma: no-cache
Content-Security-Policy-Report-Only: default-src 'self' <OTher strings here >

 

 

Response Body

 

{"errorResponse":{"status":400,"reason":"invalidParameter","message":"Invalid input parameter(s)","details":[{"location":"encMobileNumber","message":"Failed to parse/decrypt the value provided."},{"location":"encEmailAddress","message":"Failed to parse/decrypt the value provided."},{"location":"encAddress","message":"Failed to parse/decrypt the value provided."}]}}

 

API_Products
Visa Developer Support Specialist

Re: Trying to encrypt the FLE and making request for Universal card enrollment.

Hi @amodarling,

 

Using the VDC Playground tool, I ran a sandbox test and received a successful request/response payload. You can view my request/response payload below and refer to the steps and screenshot about where I got the API Key (refer to screenshot).

 

Steps to get the API Key

  1. Log into Visa Developer Portal
  2. Go to your Dashboard
  3. Click on your Project App
  4. Go to Credentials
  5. Scroll down to bottom of page to the API Key section and click on the > icon to see the API Key. You can click on the Copy button (refer to screenshot)

viap api key1.png

 

VIAP API Key.png

 

End Point https://sandbox.api.visa.com/universal/core/cards?apikey=VPIB1APOUYXZN99PWYRH21bkBF61nYhdWGMW5cNqV-R...
Method POST
Request
{"encCard": "eyJraWQiOiJHM0xHV05IWk9WTVNYOFVKQ1lISDEzZDhnaHRGQi1Mc3NGNnBBc0pSZFFtekFBWnZNIiwiZW5jIjoiQTI1NkdDTSIsImFsZyI6IlJTQS1PQUVQLTI1NiJ9.dv_nF7AWjLw0jxIXfgKw8KQ8S_tUC6fn1gEgta-hEUYK7eDbOZ3XK0_xqkoh3J2fqIYFbkbF4IKoQbQBVOHvLLQA4aFsgCYJCYqwGQE7-NO2FafhhhQsVmU8uzWFtYTbNUt7kKATfc5z4MFEzBpNNr0oKpxv9_ApLaxjvuw63w7JKStftgZbcvMckNyviCmhm0WyCqzmS3rRre3D70i7bmLvPtiu8wKrhmMKviLQf7kfdHYGJGgv_WgR_HZR6mH-FjpFFK_UKTlh1kfTDtEl6DvorUuWO4kLmK979QgeqRtyiaWRcqE6rJya1z8mz2zBfLrQbnPgbedJP3gtpNAyMw.0awVuLh5SLjMH_A6.-oML7_exAQlFBWakbWxLVmT7FytdZYWP0iiVCEQWw5CGF1lYQvmGqzJd_v77U5NL1sVaR-8puxCs7a74XMM8ZQUal4e-D6WoupJEMvjLg8C-1UEOnEkd-VYJYdMfPt4WzxxBHZzB4oihgZ72N9pMEdjcrbThdEotO1h8mrys1jmW9EhLZzOHdGnBtaxZ-7epSWHeuvVFShpnDtnwjMZ3lWZ8qAAkmHsu_cXbtS_gOIZwnD_Qyj8azsiJ92_Mipc7eKxruZBha3LsiYGOT-iRR_8Wj1AMDAkgt7rIYWLtkH1HRQkcsY2Pomm3BIEf1IMA6RxETNJmAuG9jnhdvy2RpqWtKGBoYYeCGJoQDkQtDnQ2Hv4xhRMFb983c4t8FR1tByvygv9q1OGwlZm83jloS2MHkNfe61o0g3x7U6la8NJdNnXUs2Ts2l6qk9PhqFwyhIavl8c094nErqTIj64l7sb9ZbaDSEKw0ERu0LikQ2cb3ZztGw8qMmmJQk6jPRyGqcMyU4ExPBPJnZ8W0D8EXcF9Ip0z1x5sgT02FlsJVekb2ozLUuHw7yFLe09FEBOxDtwJxYHapjeYrGH97-7CEoqVCwPPa9s0w7tWZG_8NO2Uv2IgiD3pq9y4PJsu2zRqqazuOBniHmgDTSPMNp1fWspcIcdpAnPaU2WVFxnpMugKds35Fom7LJ52U6SIKYM8B2zAzKxwicjb6QY9Yp9DbkQsN1TqCT1mIKvJ9QrImLA510X00PV65cdHOT37iSSkHPOwvPGm8XcBvQiJunppTTZ2sjG_uuCGoGFM0F1OW8uZ-8F2fGBwKr1919DOc4F0_Pj3qaSRHwvXtTL7iKe4RcmLWKUD311tJAISuq2amT9gFvGu_k-hd9ihDnjxhvh-Q7Ac8TA3fRtj.G-EksEyNvqY5s_tKdq8pGg"}
Response
{
"paymentAccountReference": "V1234567890124514234413926268",
"last4": "6268",
"vCardID": "v-123-510b1b5b-4412-44c4-a4bc-b9fa59a43802",
"expirationDate": {
"month": "10",
"year": "2020"
}
}
Response Header
Status Code: 201
Server : nginx
Date : Thu, 27 Jul 2023 01:18:52 GMT
Content-Type : application/json;charset=UTF-8
Content-Length : 175
Connection : keep-alive
X-SERVED-BY : -5d6d7f4p
X-CORRELATION-ID : 1690420731_886_1714654174_-5d6d7f4p_VDP_WS
X-APP-STATUS : 201
Cache-Control : no-cache, no-store, must-revalidate
X-Frame-Options : SAMEORIGIN
X-XSS-Protection : 0
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains
Pragma : no-cache
Expires : -1
Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-Content-Security-Policy-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-WebKit-CSP-Report-Only : default-src 'self' https://*.v.me https://*.visa.com;script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.visa.com https://*.v.me;img-src 'self' https://*.v.me https://*.visa.com https://*.unica.com https://ad.doubleclick.net;style-src 'self' 'unsafe-inline' https://*.visa.com;object-src https://*.v.me https://*.visa.com data:;report-uri /logging/logCSPReport;
X-XSS-Protection : 1; mode=block
X-Content-Type-Options : nosniff
Strict-Transport-Security : max-age=31536000;includeSubdomains;always

 

 

 




Thanks,

Tee



Was your question answered? Don't forget to click on "Accept as Solution" to help other devs find the answer to the same question.