In this “How-to” guide, we will show you how to test MLE (Message Level Encryption) enabled APIs using Postman.
Important Links:
Encryption Guide https://developer.visa.com/pages/encryption_guide
Working with Two Way SSL https://developer.visa.com/pages/working-with-visa-apis/two-way-ssl
Login to your Visa Developer Dashboard and go to your project, you should see something like this:
Enable the APIs for which MLE needs to be active in VDP by toggling the API for which MLE needs to be enforced.
In this example, we will enable MLE for Funds Transfer API And Query API as below:
You can obtain your project credentials by browsing the left side navigation menu of your project and click on “Credentials”.
Next step we will create a Key-ID by clicking on the Generate Key-ID button.
After you have clicked the button, you will get Key-ID. Copy the Key-ID for your reference.
The Key-ID will look like this: 41d9f2a1-xxxx-4xxx-b40c-a0480c2xxxxx
The next step is to add a CSR (Certificate Signing Request). Click on the link "Add CSR" .
You will be prompt to submit a Certificate Signing Request.
We have option to Generate a CSR for me (default) or submit your own. In this example we will use the Generate a CSR for me (default) and Click Confirm button.
After submitting the request, you will be prompt to download the Certificate/Copy Private Key.
After you have downloaded the private key, check the box "I confirm that I've downloaded my certificate key" and click continue. You will see the Status change to "Active".
Expand the Key-ID and you will see the Server Encryption Certificate and Client Encryption Certificate.
Download both certificates and save it.
To be able to make an API call with MLE, you need to have the following
We are using Node JS for the mock server which allows the ease of encrypting the request payload and decrypting the encrypted response payload.
var config = {};
config.mlePublicKeyPath = 'ENTER PUBLIC KEY PATH';
config.mlePrivateKeyPath = 'ENTER PRIVATE KEY PATH';
module.exports = config;
NOTE: All the above steps are one time set up which is needed only once during initial setup.
Update the json field "localTransactionDateTime" accordingly to the current date/time.
E.g. https://sandbox.api.visa.com/visadirect/fundstransfer/v1/pushfundstransactions
Want more? Join the Visa Developer Community to get alerts on the latest tutorials, guides and new developer resources. Stay tuned for more in the series.
Great example on getting up and running on MLE requests quickly in postman. Especially insightful was the fact that for encryption we needed the Server Encryption Certificate instead of the client certificate if generated via CSR.
You might consider updating one of your node dependencies in package.json to "node-jose": "^2.0.0" as npm now complains of "high severity vulnerability" during npm install, which is fixed in the updated dependency.
Hello there!
Can you help me what with a config example in the Postman config.js?
I made the SSL configuration and when the hello world responds normally to my Postman requests.
I'm trying to use the card-on file API, MLE is mandatory, but I don't know what I need to put here. I have so many certs and .pem and dashboards keys that I'm lost here.
I finished your tutorial but I'm receiving a HTTP 401 Unauthorized response and I think its because a wrong config.js, I've tried all those .pem and that I have:
config.mlePublicKeyPath = 'visa-key.pem';
config.mlePrivateKeyPath = 'key_0467d1aa-8ab6-4cf8-b86b-23ab864e743b.pem';
Hi @Mundoguero ,
Thank you for trying out our MLE"How to" Guide on Postman.
The certificates required for MLE configuration contains your MLE Key ID as below:
config.mlePublicKeyPath = '<PATH>/server_cert_<MLE_KEY_ID>.pem';
config.mlePrivateKeyPath = '<PATH>/key_<MLE_KEY_ID>.pem'';
Let us know if that helps
Thank you.
Hi, I get this error from node-js in c_Decrpyt
node_modules/node-jose/lib/jwe/decrypt.js:141
return Promise.reject(new Error("Algorithm not allowed: " + header.alg));
I am getting following error while trying to decrypt packet. However, transaction successfully landed at VISA Developer platform as i have verified transaction using VISA Query API.
C:\Users\saad.zikria\Desktop\VISA QR Scan\Code Drop\postman\node_modules\node-jose\lib\jwe\decrypt.js:176
reject(new Error("no key found"));
^
Error: no key found
at processKey (C:\Users\saad.zikria\Desktop\VISA QR Scan\Code Drop\postman\node_modules\node-jose\lib\jwe\decrypt.js:176:22)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
C:\Users\saad.zikria\Desktop\VISA QR Scan\Code Drop\postman>
Hi @saadzikria1 ,
Thank you for trying out the "How to test MLE on Postman" tutorial.
As per the error you are getting, it seems that you haven't provided the private key file.
Kindly check your configuration and ensure below variable is set to your private key on mock server for the encryption and decryption
config.mlePrivateKeyPath = '<PATH>/key_<MLE_KEY_ID>.pem'';
Your private key file name should be as follows: key_<YOUR MLE KEY ID>.pem which you have downloaded from VDP.
Let us know if issue has been resolved and/or you have any feedback on how we can improve on our tutorials.
Thank you
Shameem
Thankyou so very much Shameem for the detailed response, issue has been resolved.
Hello,
Thanks for provide the How to test MLE on Postman
I am using this project to generate a encrypt payload to use in this API: https://sandbox.api.visa.com/universal/core/cards
because I need the vCardID to use in this API: https://sandbox.api.visa.com/inapp/provisioning/cardData/samsungPay
To get the right data to send to the Samsung Pay SDK, I am working in a project which I need to crate a button in my app and call the Samsung Say Adk to AddCard to the wallet but I need this payload first from VISA because my client use VISA cards.
I am getting the same error that I already see here in the posts:
paulocesar@Paulos-Laptop postman % node index.js
Running!
/Users/paulocesar/Downloads/postman/node_modules/node-jose/lib/jwe/decrypt.js:176
reject(new Error("no key found"));
this error only happens when I call the decrypt endpoint in POSTMAN for the encrypt data is working fine 🙂
OK, I am attaching my project and also my keys here for you check if everything in fine I added the files in the root of the project to make sure that I am not missing something but still doesn't work
Also I attached the postman request for you check. also added the screenshot of "hellowolrd" for you see that everything is working fine with my credentials added in postman config (certificates and user/pass in Basic Auth)
Could you help me on that please?
Thank you