Skip to content

Commit

Permalink
Update README
Browse files Browse the repository at this point in the history
  • Loading branch information
@joseph-neeraj
joseph-neeraj committed Nov 12, 2024
1 parent bf50668 commit d6d9814
Show file tree
Hide file tree
Showing 4 changed files with 282 additions and 4 deletions.
28 changes: 24 additions & 4 deletions README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,25 @@ As part of this set up, you'll receive credentials for your app:

#### One-Click Import
To import two ready to be used "sandbox" and "production" environments:
1. Click [![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json)
1. Depending on your use case, click either of these:
- No encryption:
[![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json)

- Mastercard Encryption:
[![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-mastercard-encryption-insomnia-workspace.json)

- JWE Encryption:
[![](https://img.shields.io/badge/insomnia-install%20workspace-purple.svg?color=6a57d5)](https://insomnia.rest/run/?label=Import%20Mastercard%20Workspace&uri=https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-jwe-encryption-insomnia-workspace.json)
2. Click "Run Import Mastercard Workspace"

Alternatively, you can:
1. Go to Application > Preferences > Data
2. Click "Import Data"
3. Click "From URL"
4. Type: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json
4. Input either of these depending on your use case:
- No encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-insomnia-workspace.json
- Mastercard encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-mastercard-encryption-insomnia-workspace.json
- JWE encryption: https://raw.githubusercontent.com/Mastercard/insomnia-plugin-mastercard/master/workspace/mastercard-apis-with-jwe-encryption-insomnia-workspace.json
5. Click "Fetch and Import"

![](https://user-images.githubusercontent.com/3964455/68041294-2d966300-fcc8-11e9-887a-cfadf183c4c1.gif)
Expand Down Expand Up @@ -116,7 +127,9 @@ From now on, an `Authorization` header will be automatically added to every requ

### Encryption <a name="encryption"></a>
This plugin can take care of encrypting requests and/or decrypting response payloads. To enable encryption support,
you need to configure in the environment the `encryptionConfig` property:
you need to configure in the environment the `encryptionConfig` property.

Here's a quick example for Mastercard Encryption:

```jsonc
{
Expand Down Expand Up @@ -176,7 +189,14 @@ As an alternative to providing the `privateKey` in the `encryptionConfig`, you c
}
}
```
For further details on the configuration object and predefined service configurations, please checkout this [page](https://github.com/Mastercard/client-encryption-nodejs/wiki).

[See more examples here](docs/encryption-examples.md).

Both Mastercard encryption and JWE encryption are supported.
For more details on the encryption configurations, checkout these links:
- [Mastercard Encryption](https://github.com/Mastercard/client-encryption-nodejs/blob/main/README.md#configuring-the-field-level-encryption)
- [JWE Encryption](https://github.com/Mastercard/client-encryption-nodejs/blob/main/README.md#configuring-the-jwe-encryption)


## Further Reading <a name="further-reading"></a>

Expand Down
256 changes: 256 additions & 0 deletions docs/configuration-examples.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,256 @@
# Example Configurations

Example configurations for Insomnia. Make sure to remove the comments before using.

- [Authentication](#authentication)
- [Mastercard Encryption](#mastercard-encryption)
* [Real world example](#mastercard-encryption-real-world-example)
- [JWE Encryption](#jwe-encryption)
* [Real world example](#jwe-encryption-real-world-example)
- [Notes](#notes)

## Authentication

```json
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/auth-keystore.p12",
"keystorePassword": "keystorepassword",

// domains to which this config should be applied to.
"appliesTo": [
"mastercard.com"
]
}
}
```

## Mastercard Encryption
```json
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/auth-keystore.p12",
"keystorePassword": "keystorepassword",

// domains to which this config should be applied to.
"appliesTo": [
"mastercard.com"
],

"encryptionConfig": {
"paths": [
{
"path": "/*",
"toEncrypt": [
{
// path to the element to be encrypted in request JSON.
// use "$" for encrypting the whole request.
"element": "path.to.element.to.be.encrypted",
// path to object where encryption fields are to be stored in request JSON.
// use "$" for the root of the JSON object.
"obj": "path.to.encrypted.output.element"
}
],
"toDecrypt": [
{
// path to object with encryption fields in response JSON.
// use "$" for the root of the JSON.
"element": "path.to.element.to.be.decrypted",

// path to element where decrypted fields are to be stored in the response JSON.
// use "$" for the root of the JSON object.
"obj": "path.to.decryption.output"
}
]
}
],
"oaepPaddingDigestAlgorithm": "SHA-256",
"dataEncoding": "hex", // "hex" or "base64"
"ivFieldName": "iv",
"encryptedKeyFieldName": "encryptedKey",
"encryptedValueFieldName": "encryptedValue",
"oaepHashingAlgorithmFieldName": "oaepHashingAlgorithm",
"publicKeyFingerprintFieldName": "publicKeyFingerprint",
"publicKeyFingerprintType": "certificate", // "certificate" or "publicKey"
"publicKeyFingerprint": "0000000000000000000000000000000000000000000000000000000000000000",
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"keyStore": "/path/to/decryption-keystore.p12",
"keyStoreAlias": "decryption-keyalias",
"keyStorePassword": "decryption-keystorepassword"
}
}
}
```
### Mastercard Encryption Real world example

This is a real world example for an API which uses Mastercard Encryption.
```json
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/auth-keystore.p12",
"keystorePassword": "keystorepassword",
"encryptionConfig": {
"paths": [
{
"path": "$",
"toEncrypt": [
{
"element": "$",
"obj": "$"
}
],
"toDecrypt": [
{
"element": "$",
"obj": "$"
}
]
}
],
"oaepPaddingDigestAlgorithm": "SHA-256",
"dataEncoding": "base64",
"ivFieldName": "iv",
"encryptedKeyFieldName": "encryptedKey",
"encryptedValueFieldName": "encryptedValue",
"oaepHashingAlgorithmFieldName": "oaepPaddingDigestAlgorithm",
"publicKeyFingerprintFieldName": "publicKeyFingerprint",
"publicKeyFingerprintType": "certificate",
"publicKeyFingerprint": "0000000000000000000000000000000000000000000000000000000000000000",
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"keyStore": "/path/to/decryption-keystore.p12",
"keyStoreAlias": "decryption-keyalias",
"keyStorePassword": "decryption-keystorepassword"
}
}
}
```

## JWE Encryption
```json
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/auth-keystore.p12",
"keystorePassword": "keystorepassword",

// domains to which this config should be applied to.
"appliesTo": [
"mastercard.com"
],

"encryptionConfig": {
"paths": [
{
"path": "/*",
"toEncrypt": [
{
// path to the element to be encrypted in request JSON.
// use "$" for encrypting the whole request.
"element": "path.to.element.to.be.encrypted",
// path to object where encryption fields are to be stored in request JSON.
// use "$ for the root of the JSON object.
"obj": "path.to.encrypted.output.element"
}
],
"toDecrypt": [
{
// path to object with encryption fields in response JSON.
// use "$ for the root of the JSON.
"element": "path.to.element.to.be.decrypted",

// path to element where decrypted fields are to be stored in the response JSON.
// use "$" for the root of the JSON object.
"obj": "path.to.decryption.output"
}
]
}
],
"mode": "JWE",
"encryptedValueFieldName": "encryptedData",
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"keyStore": "/path/to/decryption-keystore.p12",
"keyStoreAlias": "decryption-keyalias",
"keyStorePassword": "decryption-keystorepassword"
}
}
}
```

### JWE Encryption Real World Example
This is a real world example for an API which uses JWE Encryption.
```json
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/auth-keystore.p12",
"keystorePassword": "keystorepassword",
"appliesTo": [
"mastercard.com"
],
"encryptionConfig": {
"paths": [
{
"path": "/*",
"toEncrypt": [
{
"element": "sensitiveData",
"obj": "encryptedValue"
}
],
"toDecrypt": [
{
"element": "encryptedValue",
"obj": "sensitiveData"
}
]
}
],
"mode": "JWE",
"encryptedValueFieldName": "encryptedValue",
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"keyStore": "/path/to/decryption-keystore.p12",
"keyStoreAlias": "keyalias",
"keyStorePassword": "keystorepassword"
}
}
}
```

## Notes
Instead of providing the `keyStore`, `keyStoreAlias` and `keyStorePassword`,
```json
{
"mastercard": {
// ... //
"encryptionConfig": {
// ... //
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"keyStore": "/path/to/decryption-keystore.p12",
"keyStoreAlias": "decryption-keyalias",
"keyStorePassword": "decryption-keystorepassword"
}
}
}
```
you can also directly provide the `privateKey` from the decryption key store:
```json
{
"mastercard": {
// ... //
"encryptionConfig": {
// ... //
"encryptionCertificate": "/path/to/encryption-certificate.pem",
"privateKey": "/path/to/private/key"
}
}
}
```

1 change: 1 addition & 0 deletions workspace/mastercard-apis-with-jwe-encryption-insomnia-workspace.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
{"_type":"export","__export_format":4,"__export_date":"2024-11-12T12:17:08.952Z","__export_source":"insomnia.desktop.app:v10.0.0","resources":[{"_id":"req_3dbec0152dac4997bc286cfc10552b89","parentId":"wrk_9a317c88170c45799db5c1f9863c17ab","modified":1731413792650,"created":1572009619195,"url":"{{ host }}/service/path","name":"Endpoint I'd like to call (update me!)","description":"","method":"POST","body":{"mimeType":"application/json","text":"{\n\t\"dummy\": \"request\"\n}"},"parameters":[],"headers":[{"name":"Content-Type","value":"application/json"}],"authentication":{},"metaSortKey":-1572009619195,"isPrivate":false,"pathParameters":[],"settingStoreCookies":true,"settingSendCookies":true,"settingDisableRenderRequestBody":false,"settingEncodeUrl":true,"settingRebuildPath":true,"settingFollowRedirects":"global","_type":"request"},{"_id":"wrk_9a317c88170c45799db5c1f9863c17ab","parentId":null,"modified":1731413759428,"created":1731413759428,"name":"Mastercard APIs","description":"","scope":"collection","_type":"workspace"},{"_id":"env_dcac0603f64848419e9b52229b1e80ca","parentId":"wrk_9a317c88170c45799db5c1f9863c17ab","modified":1572009219908,"created":1551873508962,"name":"New Environment","data":{},"dataPropertyOrder":{},"color":null,"isPrivate":false,"metaSortKey":1551873508962,"_type":"environment"},{"_id":"jar_123fe23b518e49a185dbd17e6cd086b1","parentId":"wrk_9a317c88170c45799db5c1f9863c17ab","modified":1731080492448,"created":1731080492448,"name":"Default Jar","cookies":[],"_type":"cookie_jar"},{"_id":"env_9e83a06542a14b7bb52f5801bd507605","parentId":"env_dcac0603f64848419e9b52229b1e80ca","modified":1731083756416,"created":1572009184884,"name":"Production","data":{"host":"https://api.mastercard.com","mastercard":{"consumerKey":"000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000","keyAlias":"keyalias","keystoreP12Path":"/path/to/production-signing-key.p12","keystorePassword":"keystorepassword","appliesTo":["mastercard.com"],"encryptionConfig":{"paths":[{"path":"/*","toEncrypt":[{"element":"path.to.element.to.be.encrypted","obj":"path.to.encrypted.output.element"}],"toDecrypt":[{"element":"path.to.element.to.be.decrypted","obj":"path.to.decryption.output"}]}],"mode":"JWE","encryptedValueFieldName":"encryptedData","encryptionCertificate":"/path/to/encryption-certificate.pem","keyStore":"/path/to/decryption-keystore.p12","keyStoreAlias":"decryption-keyalias","keyStorePassword":"decryption-keystorepassword"}}},"dataPropertyOrder":{"&":["host","mastercard"],"&~|mastercard":["consumerKey","keyAlias","keystoreP12Path","keystorePassword","appliesTo","encryptionConfig"],"&~|mastercard~|encryptionConfig":["paths","mode","encryptedValueFieldName","encryptionCertificate","keyStore","keyStoreAlias","keyStorePassword"],"&~|mastercard~|encryptionConfig~|paths~|0":["path","toEncrypt","toDecrypt"],"&~|mastercard~|encryptionConfig~|paths~|0~|toEncrypt~|0":["element","obj"],"&~|mastercard~|encryptionConfig~|paths~|0~|toDecrypt~|0":["element","obj"]},"color":"#00ff00","isPrivate":false,"metaSortKey":1572009184884,"_type":"environment"},{"_id":"env_8638bcdf0daa431eb26750192df09806","parentId":"env_dcac0603f64848419e9b52229b1e80ca","modified":1731083769084,"created":1572542085385,"name":"Sandbox","data":{"host":"https://sandbox.api.mastercard.com","mastercard":{"consumerKey":"000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000","keyAlias":"keyalias","keystoreP12Path":"/path/to/sandbox-signing-key.p12","keystorePassword":"keystorepassword","appliesTo":["mastercard.com"],"encryptionConfig":{"paths":[{"path":"/*","toEncrypt":[{"element":"path.to.element.to.be.encrypted","obj":"path.to.encrypted.output.element"}],"toDecrypt":[{"element":"path.to.element.to.be.decrypted","obj":"path.to.decryption.output"}]}],"mode":"JWE","encryptedValueFieldName":"encryptedData","encryptionCertificate":"/path/to/encryption-certificate.pem","keyStore":"/path/to/decryption-keystore.p12","keyStoreAlias":"decryption-keyalias","keyStorePassword":"decryption-keystorepassword"}}},"dataPropertyOrder":{"&":["host","mastercard"],"&~|mastercard":["consumerKey","keyAlias","keystoreP12Path","keystorePassword","appliesTo","encryptionConfig"],"&~|mastercard~|encryptionConfig":["paths","mode","encryptedValueFieldName","encryptionCertificate","keyStore","keyStoreAlias","keyStorePassword"],"&~|mastercard~|encryptionConfig~|paths~|0":["path","toEncrypt","toDecrypt"],"&~|mastercard~|encryptionConfig~|paths~|0~|toEncrypt~|0":["element","obj"],"&~|mastercard~|encryptionConfig~|paths~|0~|toDecrypt~|0":["element","obj"]},"color":"#ff8040","isPrivate":false,"metaSortKey":1572542085385,"_type":"environment"}]}
Loading

0 comments on commit d6d9814

Please sign in to comment.