The license plan purchased by your organization should support Payload Encryption.

There needs to be a key-pair exchange between you and Leegality. The Leegality team will share our public key with you (in .cer.txt format) and you need to share your organisation's public key (in .cer.txt format) with us. This key-pair exchange will happen over secure email channels.

Specify the user IDs through which you will make API calls to Leegality.

The Leegality team will map & configure the public certificate shared by you in step 2 above against these specified user IDs.

Before starting, please ensure you are calling the latest version of the APIs which support payload encryption.

When using payload encryption, pass the request header ‘content-encoding’ with value ‘encrypted’. The other headers should be passed as usual as per the API documentation.

Prepares the standard request payload as per API documentation.

Generate a 256-bit AES key and IV (Initialisation Vector). Use the AES key to encrypt the API payload (prepared in step 3). The encrypted payload has to be sent as the 'payload' key in the API call in the form of a base64 encoded string.

Combine the AES key & IV generated in step 4, and then encrypt the combined string with Leegality’s public key using the RSA algorithm.

This encrypted AES key & IV are to be passed in the API call as the 'salt' key in the form of a base64 encoded string. The ‘salt’ key must be 48 bit long and must contain both the AES key and IV (Initialization vector):

See a sample of the final request payload below:

On receiving the API call, Leegality will decrypt the ‘salt’ using its private key, and then decrypt the ‘payload’ using the decrypted AES key. After performing business logic, Leegality will prepare the response payload as per API documentation.

Leegality will generate a 256-bit AES key and IV (Initialisation Vector). The AES key will be used to encrypt the response payload which is sent as the 'payload' key in the API response in the form of a base64 encoded string.

The AES key & IV (generated in step 2 above) will be further encrypted with the public key (shared by the customer) using RSA algorithm. The encrypted AES key & IV will be passed in the API response as the 'salt' key in the form of a base64 encoded string. The ‘salt’ key will be 48 bit long and will contain both the AES key and IV:

See a sample of the final response payload that you will receive from Leegality below:

On receiving the response, you will have to first decrypt the ‘salt’ using your organisation's private key to obtain the AES key, and then decrypt the payload using the AES key.

You can access a sample Java application/source code for encryption, decryption and other related steps here:
https://gitlab.leegality.com/leegality-public/encryption-decryption-util.

Encryption in Leegality webhooks works in a similar way, but there are certain additional pre-requisities. For using encryption in Webhooks, refer to our Webhook documentation here:
https://docs.leegality.com/webhooks_resources#section/Payload-Encryption.

Basic authentication parameters (like username and password)

Bearer/Token authentication parameters (fetching token or code from an API request and adding it to the webhook headers)

Share your authentication requirements with the Leegality Support Team from your registered admin email ID at support@leegality.com over a secure email including