What is Message Level Encryption (MLE)?
MLE provides enhanced security message payloads by using an asymmetric encryption technique (public-key cryptography).
Why is MLE important?
MLE can help address the threat of relying on Transport Layer Security (TLS) for message security by ensuring that message payload remain encrypted between API endpoints.
What does the Tutorial Cover?
There are three different types of MLE enforcement levels: Mandatory, Optional, and Not Applicable.
This video will:
- Guide you through how to identify these three MLE enforcement levels throughout the “client go live journey” and to which environments each level applies.
- Teach you how to identify APIs that currently do not support MLE.
- Show you where in the dashboard to find the information necessary to create the MLE Certificate Signing Request (CSR) file.
- Highlight how Visa allows developers to experiment with MLE in lower environments (Sandbox and Certification) before MLE is applied to Production environment, at Visa’s discretion. Please note that depending on the type of data carried in an API payload, Visa may require certain enforcement levels. Developers can also review those standards HERE.
- Review enforcement levels at the individual API level since a single project can contain APIs with different MLE enforcement levels.
- Provide a high-level overview of the two certificate pairs generated to implement MLE, Visa encryption key pair and Client encryption key.
Like what you see in the tutorial? Want to see more? Let us know your feedback by commenting below, we'd love to hear from you!