Professional Documents
Culture Documents
Fund Transfer 27112021
Fund Transfer 27112021
Fund Transfer 27112021
Release: 1.3
Date: 08th March 2021
Revision History
Revision date Author Version Summary of changes
th
24 June 2019 Pravin Navele 1.0 Draft version
06th Mar 2020 Rishu Gupta 1.1
06th June 2020 Rishu Gupta 1.2 Checksum addition
th
08 March 2021 Gaurav Kale 1.3 Bene Lei Addition
Approvals
This document requires the following approvals:
Format Available
JSON
HTTP Headers
The following header parameters must be sent in each request.
a) Transfer (N/R/I/IMPS/CC/DD)
URL https://sakshamuat.axisbank.co.in/gateway/api/txb/v1/payments/transfer-payment
Method
POST
}}
Encrypted request body fields
}
}
Security Considerations
Following are the security considerations which will need to be followed by the consumers for
successful connectivity with the application:
1. HTTPS and two way SSL
All consumers will be needed to invoke the application over HTTPS protocol. We also have two way
SSL established. This means that we would be validating the consumer certificate. Hence it is required
that the consumer has a certificate and the same is shared with us as a prerequisite.
2. IP whitelisting
We allow only select IP addresses to access our application over the internet. Hence as a consumer it
may be required to whitelist all the ip addresses that the consumer would be consuming the
application from. This step is a prerequisite to setup successful connectivity.
3. Symmetric encryption
The API to be invoked accepts the request body encrypted using encryption algorithm. The body
has to be encrypted using AES-128 encryption. The encryption key will be provided and will be
different for each consumer.
Sample Encryption Decryption code and Checksum Logic
import java.io.ByteArrayOutputStream;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Arrays;
import com.sun.org.apache.xml.internal.security.utils.Base64;
//Encrypt request
public String aes128Encrypt(String plainText) throws Exception
{
byte[] iv = new byte[] { (byte) 0x8E, 0x12, 0x39, (byte) 0x9C, 0x07,
0x72, 0x6F, 0x5A, (byte) 0x8E, 0x12, 0x39, (byte) 0x9C, 0x07,
0x72, 0x6F, 0x5A };
//Encrypt response
public String aes128Decrypt(String encryptedText) throws Exception
{
SecretKeySpec skeySpec = getSecretKeySpecFromHexString(ALGORITHM, KEY);
byte[] encryptedIVandTextAsBytes = Base64.decode(encryptedText);
/** First 16 bytes are always the IV */
byte[] iv = Arrays.copyOf(encryptedIVandTextAsBytes, 16);
}
Checksum Logic
Sample Request:
{
“data”:{
attr1: val1,
attr2 : val2,
.
.
attrN : valN
}
}
Checksum string = val1+val2+…+valN; public
static Object validateInfo(String value) {
return StringUtils.isNotEmpty(value) && "null" != value ? value : StringUtils.EMPTY;
}
finalChkSum.append(
getInnerLevel2Map(
entryInn.getValue(),finalChkSum));
}
}
}else if(!CollectionUtils.isEmpty(tempLst)) {
for(Object strValues : tempLst) {
finalChkSum.append(
validateInfo(
String.valueOf(strValues)));
}
}
finalChkSum.append(
validateInfo(
String.valueOf(entryInn.getValue())
));
}
}else {
finalChkSum.append(
validateInfo(
String.valueOf(entryInnLvl2)));
}
return finalChkSum.toString();
}
Hashing Algorithm
//Based on the final value of
string, checksum will be generated using MD5 algorithm.
public static String encodeCheckSumWithSHA256(String data) {
MessageDigest md;
StringBuilder sb = new StringBuilder();
String response = null;
try {
md = MessageDigest.getInstance(“MD5”);
md.update(data.getBytes(StandardCharsets.UTF_8));
// Get the hashbytes byte[]
hashBytes = md.digest(); // Convert
hash bytes to hex format for (byte
b : hashBytes) {
sb.append(String.format("%02x", b));
}
response = sb.toString();
}catch (Exception e) {
throw new RuntimeException("Internal server error");
}
return response;
}}}