NodeJS library for Mastercard API compliant payload encryption/decryption.
- NodeJS 6.12.3+
There shouldn't be any Node compatibility issues with this package, but it's a good idea to keep your Node versions up-to-date. It is recommended that you use one of the LTS Node.js releases, or one of the more general recent releases. A Node version manager such as nvm
(Mac and Linux) or nvm-windows
is a good way to stay on top of this.
Before using this library, you will need to set up a project in the Mastercard Developers Portal.
As part of this set up, you'll receive:
- A public request encryption certificate (aka Client Encryption Keys)
- A private response decryption key (aka Mastercard Encryption Keys)
If you want to use mastercard-client-encryption with Node.js, it is available through npm
:
Adding the library to your project:
npm install mastercard-client-encryption
You can then use it as a regular module:
const clientEncryption = require('mastercard-client-encryption');
The core methods responsible for payload encryption and decryption are encryptData
and decryptData
in the FieldLevelEncryption
class.
encrypt()
usage:
const fle = new clientEncryption.FieldLevelEncryption(config);
// ...
let encryptedRequestPayload = fle.encrypt(endpoint, header, body);
decrypt()
usage:
const fle = new clientEncryption.FieldLevelEncryption(config);
// ...
let responsePayload = fle.decrypt(encryptedResponsePayload);
FieldLevelEncryption
needs a config object to instruct how to decrypt/decrypt the payloads. Example:
const config = {
paths: [
{
path: "/resource",
toEncrypt: [
{
/* path to element to be encrypted in request json body */
element: "path.to.foo",
/* path to object where to store encryption fields in request json body */
obj: "path.to.encryptedFoo"
}],
toDecrypt: [
{
/* path to element where to store decrypted fields in response object */
element: "path.to.encryptedFoo",
/* path to object with encryption fields */
obj: "path.to.foo"
}
]
}
],
ivFieldName: 'iv',
encryptedKeyFieldName: 'encryptedKey',
encryptedValueFieldName: 'encryptedData',
dataEncoding: 'hex',
encryptionCertificate: "./path/to/public.cert",
privateKey: "./path/to/your/private.key",
oaepPaddingDigestAlgorithm: 'SHA-256'
};
For all config options, please see:
- Configuration object for all config options
We have a predefined set of configurations to use with Mastercard services:
Call FieldLevelEncryption.encrypt()
with a JSON request payload, and optional header
object.
Example using the configuration above:
const payload =
{
"path": {
"to": {
"foo": {
"sensitive": "this is a secret!",
"sensitive2": "this is a super-secret!"
}
}
}
};
const fle = new (require('mastercard-client-encryption')).FieldLevelEncryption(config);
// ...
let responsePayload = fle.encrypt("/resource1", header, payload);
Output:
{
"path": {
"to": {
"encryptedFoo": {
"iv": "7f1105fb0c684864a189fb3709ce3d28",
"encryptedKey": "67f467d1b653d98411a0c6d3c(...)ffd4c09dd42f713a51bff2b48f937c8",
"encryptedData": "b73aabd267517fc09ed72455c2(...)dffb5fa04bf6e6ce9ade1ff514ed6141",
"publicKeyFingerprint": "80810fc13a8319fcf0e2e(...)82cc3ce671176343cfe8160c2279",
"oaepHashingAlgorithm": "SHA256"
}
}
}
}
Call FieldLevelEncryption.decrypt()
with an (encrypted) response
object with the following fields:
body
: json payloadrequest.url
: requesting urlheader
: optional, header object
Example using the configuration above:
...
const response = {};
response.request = { url: "/resource1" };
response.body =
{
"path": {
"to": {
"encryptedFoo": {
"iv": "e5d313c056c411170bf07ac82ede78c9",
"encryptedKey": "e3a56746c0f9109d18b3a2652b76(...)f16d8afeff36b2479652f5c24ae7bd",
"encryptedData": "809a09d78257af5379df0c454dcdf(...)353ed59fe72fd4a7735c69da4080e74f",
"oaepHashingAlgorithm": "SHA256",
"publicKeyFingerprint": "80810fc13a8319fcf0e2e(...)3ce671176343cfe8160c2279"
}
}
}
};
const fle = new (require('mastercard-client-encryption')).FieldLevelEncryption(config);
let responsePayload = fle.decrypt(response);
Output:
{
"path": {
"to": {
"foo": {
"sensitive": "this is a secret",
"sensitive2": "this is a super secret!"
}
}
}
}
OpenAPI Generator generates API client libraries from OpenAPI Specs. It provides generators and library templates for supporting multiple languages and frameworks.
The client-encryption-nodejs library provides the Service
decorator object you can use with the OpenAPI generated client. This class will take care of encrypting request and decrypting response payloads, but also of updating HTTP headers when needed, automatically, without manually calling encrypt()
/decrypt()
functions for each API request or response.
OpenAPI client can be generated, starting from your OpenAPI Spec / Swagger using the following command:
java -jar openapi-generator-cli.jar generate -i openapi-spec.yaml -l javascript -o out
Client library will be generated in the out
folder.
See also:
To use it:
-
Generate the OpenAPI client, as above
-
Import the mastercard-client-encryption library
const mcapi = require('mastercard-client-encryption');
-
Import the OpenAPI Client using the
Service
decorator object:const openAPIClient = require('./path/to/generated/openapi/client'); const config = { /* service configuration object */} const service = new mcapi.Service(openAPIClient, config);
-
Use the
service
object as you are using theopenAPIClient
to make API requests.Example:
let api = service.ServiceApi(); let merchant = /* ... */ api.createMerchants(merchant, (error, data, response) => { // requests and responses will be automatically encrypted and decrypted // accordingly with the configuration used to instantiate the mcapi.Service. /* use response/data object here */ });