Changes for page Payment API

Last modified by Thomas Warren on 2020/01/23 13:50
From version 29.10
edited by Thomas Warren
on 2020/01/23 08:48
To version 29.11
edited by Thomas Warren
on 2020/01/23 08:49
Change comment: There is no comment for this version

Page properties
Content
... ... @@ -1,8 +1,9 @@
1 1  # Public Payment API
2 +======
2 2  ## Overview
3 -Edit
4 -This API is a gateway for receiving payments through our system. It's ment to simplify external integration between different domains such as credit cards, prepaid cards and value codes.
5 5  
5 +Edit This API is a gateway for receiving payments through our system. It's ment to simplify external integration between different domains such as credit cards, prepaid cards and value codes.
6 +
6 6  ## Swagger documentation
7 7  
8 8  * [VasPublicPaymentApi](https://stage-evc.payex.com/payment-api/swagger-ui.html)
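Review bot: The added `======` line under `# Public Payment API` will not render as a heading underline, because the line above it is already an ATX (`#`) heading rather than a paragraph; it will show up as a literal row of equals signs. Drop it. In the same hunk, the stray word "Edit" (left-over wiki UI text) is folded into the first sentence as "Edit This API is a gateway..." instead of being removed; delete "Edit" and, while touching the sentence, fix "ment" to "meant".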
... ... @@ -18,24 +18,21 @@
18 18  
19 19  ## Project setup
20 20  
21 -```
22 -vas-payment-api-client
23 -├─┬ backend → backend module with Spring Boot code
24 -│ ├── src
25 -│ └── pom.xml
26 -├─┬ frontend → frontend module with Vue.js code
27 -│ ├── src
28 -│ └── pom.xml
29 -└── pom.xml → Maven parent pom managing both modules
30 -```
22 + vas-payment-api-client
23 + ├─┬ backend → backend module with Spring Boot code
24 + │ ├── src
25 + │ └── pom.xml
26 + ├─┬ frontend → frontend module with Vue.js code
27 + │ ├── src
28 + │ └── pom.xml
29 + └── pom.xml → Maven parent pom managing both modules
31 31  
32 32  ## Security
33 33  
34 -<details>
35 - <summary>Oauth2:</summary>
33 + Oauth2:
36 36  
37 37  VasPublicPaymentApi requires an OAuth2 access token for interaction.
38 -This application automatically handles token fetching and refreshing by using [Spring Security](https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/htmlsingle/#boot-features-security-custom-user-info-client).
36 +This application automatically handles token fetching and refreshing by using [Spring Security](https://docs.spring.io/spring-security-oauth2-boot/docs/current/reference/htmlsingle/#boot-features-security-custom-user-info-client).
39 39  Configuration values are set in [application.yml](./backend/src/main/resources/application.yml):
40 40  
41 41  ```yaml
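Review bot: Removing the code fence around the project tree breaks its layout: a single leading space is not an indented code block, so the lines will be joined into one paragraph and the `├─┬` / `│ └──` structure and the `→` annotations will collapse. Keep the original ```` ``` ```` fence (or indent every line by four spaces). The replacement of `<details><summary>Oauth2:</summary>` with the bare line ` Oauth2:` has the same problem: it becomes an unstyled one-word paragraph; use a heading such as `### OAuth2`, matching the `### Security documentation` heading already in the page.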
... ... @@ -52,6 +52,7 @@
52 52   scope: publicapi
53 53  
54 54  ```
53 +
55 55  And the implementation of these are located in [Oauth2RestTemplateConfiguration.java](./backend/src/main/java/com/payex/vas/demo/config/security/Oauth2RestTemplateConfiguration.java):
56 56  
57 57  ```java
... ... @@ -74,13 +74,10 @@
74 74  }
75 75  ```
76 76  
77 -</details>
76 + HMAC:
78 78  
79 -<details>
80 - <summary>HMAC:</summary>
81 -
82 82  The API also requires HMAC authentication to be present in a request.
83 -In this client the HMAC value is automatically calculated by [HmacSignatureBuilder.java](./backend/src/main/java/com/payex/vas/demo/config/security/HmacSignatureBuilder.java) and added to all outgoing requests in [ExternalRequestInterceptor.java](./backend/src/main/java/com/payex/vas/demo/config/ExternalRequestInterceptor.java)
79 +In this client the HMAC value is automatically calculated by [HmacSignatureBuilder.java](./backend/src/main/java/com/payex/vas/demo/config/security/HmacSignatureBuilder.java) and added to all outgoing requests in [ExternalRequestInterceptor.java](./backend/src/main/java/com/payex/vas/demo/config/ExternalRequestInterceptor.java)
84 84  
85 85  HMAC is implemented using SHA-512 secure hash algorithm.
86 86  
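Review bot: Same as the OAuth2 section: the bare ` HMAC:` line that replaces the `<details>` block renders as a plain one-word paragraph; make it `### HMAC` so the two authentication mechanisms are visible in the document outline. The context line "In this client the HMAC value is automatically calculated by ... ExternalRequestInterceptor.java" still has no terminating period; since the line is being rewritten anyway, add one.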
... ... @@ -89,6 +89,7 @@
89 89  ```text
90 90  HmacSHA512 <user>:<nonce>:<digest>
91 91  ```
88 +
92 92  where `digest` is a Base64 formatted HMAC SHA512 digest of the following string:
93 93  
94 94  ```text
... ... @@ -100,11 +100,8 @@
100 100  PAYLOAD\n
101 101  ```
102 102  
103 -`METHOD` (mandatory) the requested method (in upper case)
104 -`RESOURCE` (mandatory) the path to desired resource (without hostname and any query parameters)
105 -`NONSE` (mandatory) a unique value for each request ([UUID](https://tools.ietf.org/rfc/rfc4122.txt))
106 -`DATE`(optional) same as `Transmission-Time` if provided as seperate header. Uses [ISO8601 standard](https://en.wikipedia.org/wiki/ISO_8601)
107 -`PAYLOAD` (optional) body of request
100 +`METHOD` (mandatory) the requested method (in upper case) `RESOURCE` (mandatory) the path to desired resource (without hostname and any query parameters)
101 +`NONSE` (mandatory) a unique value for each request ([UUID](https://tools.ietf.org/rfc/rfc4122.txt)) `DATE`(optional) same as `Transmission-Time` if provided as seperate header. Uses [ISO8601 standard](https://en.wikipedia.org/wiki/ISO_8601) `PAYLOAD` (optional) body of request
108 108  
109 109  Example request:
110 110  
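Review bot: Merging the five field definitions into two lines makes them harder to read, and in Markdown adjacent lines join into a single paragraph either way, so `METHOD`, `RESOURCE`, `NONSE`, `DATE` and `PAYLOAD` will all run together. Put them in a bullet list, one field per item. While there: `NONSE` should be `NONCE` to match the `<nonce>` placeholder in the header format above, "seperate" should be "separate", and `` `DATE`(optional) `` needs a space. Because `DATE` is optional, the nonce is the only replay protection inside the signed string; it would help integrators to state here whether the server rejects a reused nonce.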
... ... @@ -147,10 +147,8 @@
147 147  }
148 148  ```
149 149  
150 -The plain `digest` string is then hashed with `HmacSHA512` algorithm and the `SECRET`.
151 -Finally we Base64 encode the hashed value. This is the final `digest` to be provided in the `Hmac` header.
144 +The plain `digest` string is then hashed with `HmacSHA512` algorithm and the `SECRET`. Finally we Base64 encode the hashed value. This is the final `digest` to be provided in the `Hmac` header.
152 152  
153 -
154 154  Final `Hmac` header value:
155 155  
156 156  ```text
... ... @@ -158,6 +158,7 @@
158 158  ```
159 159  
160 160  #### Postman example script
153 +
161 161  In pre-request script copy/paste the following snippet:
162 162  
163 163  ```javascript
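Review bot: `#### Postman example script` jumps from the `## Security` level straight to level four. Now that the collapsible `<details>` wrappers are gone, `###` (or `####` under a `### HMAC` heading) keeps the outline consistent; the added blank line after the heading is fine.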
... ... @@ -225,10 +225,8 @@
225 225  
226 226  ```
227 227  
228 -
229 -</details>
230 -
231 231  ### Security documentation
222 +
232 232  * [OAuth2](https://oauth.net/2/)
233 233  * [Client Credentials](https://www.oauth.com/oauth2-servers/access-tokens/client-credentials/)
234 234  * [The RESTful CookBook: HMAC](http://restcookbook.com/Basics/loggingin/)
... ... @@ -236,8 +236,8 @@
236 236  
237 237  ## First App run
238 238  
239 -__NB! The application expects a PostgreSQL server to be running on localhost with a username `test` and password `test` to exist.__
240 -__This can automatically be configured if PostgreSQL server is started in docker with environment variables `POSTGRES_USER=test` and `POSTGRES_PASSWORD=test` are set (See [docker-compose.yml](./docker-compose.yml)).__
230 +**NB! The application expects a PostgreSQL server to be running on localhost with a username `test` and password `test` to exist.**
231 +**This can automatically be configured if PostgreSQL server is started in docker with environment variables `POSTGRES_USER=test` and `POSTGRES_PASSWORD=test` are set (See [docker-compose.yml](./docker-compose.yml)).**
241 241  
242 242  Inside the root directory, do a:
243 243  
... ... @@ -251,21 +251,22 @@
251 251  mvn --projects backend spring-boot:run
252 252  ```
253 253  
254 -Now go to http://localhost:8080/ and have a look at your new client.
245 +Now go to <http://localhost:8080/> and have a look at your new client.
255 255  
256 256  ## Testing application
257 257  
258 258  1. Add a new card with provided details from PayEx.
259 -2. Click on newly added Card
260 -3. Click on "initiate payment" to create a new transaction
261 -
250 +1. Click on newly added Card
251 +1. Click on "initiate payment" to create a new transaction
262 262  
263 263  ## Build docker image:
254 +
264 264  ```bash
265 265  mvn --projects backend clean compile jib:dockerBuild
266 266  ```
267 -
258 +
268 268  ## Deploy to local docker:
260 +
269 269  ```bash
270 270  docker-compose up -d
271 271  ```
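Review bot: Changing the list items to `1.` / `1.` / `1.` renders as 1, 2, 3 in CommonMark, but anyone reading the raw page sees three steps numbered one; keep the explicit `2.` and `3.` so the source is readable too. The `<http://localhost:8080/>` autolink and the blank lines added after the `## Build docker image:` and `## Deploy to local docker:` headings are good; consider dropping the trailing colons from those headings for consistency with the other `##` headings.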
