Applying REST API

Sign Up Callback (Application Implementation)

In order to use PASSiKEY login, the callback URL registered in the Login API Setting must be implemented as follows.

Callback for user Encrypt/Decrypt Key exchange

PASSiKEY authentication data and user information are delivered as data encrypted with an Encrypt/Decrypt Key that the application provides. To obtain it, PASSiKEY requests the application user’s Encrypt/Decrypt Key through a callback to the URL registered during the PASSiKEY Developer Center sign-up process.

The HTTP request/response format of the user Encrypt/Decrypt Key exchange callback is as follows:

1. HTTP Request

POST /Application-Callback-URL HTTP/1.1
Host: Application-Server-Domain
Content-type: application/json;charset=utf-8

2. Parameter

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| client_id | String | Application Client ID | Yes |
| used_type | String | Used Type; “1” for Encrypt/Decrypt Key exchange callback | Yes |
| ptn_cd | String | Application User Code | Yes |
| public_key | String | Public encryption key (the key used to encrypt the user ‘Encrypt/Decrypt Key’) | Yes |

3. Response

| Item | Type | Description |
| --- | --- | --- |
| code | String | “0000” for Success |
| message | String | |
| result | Object | Response result information |
| enc_partner_key | String | Application user Encrypt/Decrypt Key |

  • Sample Request/Response JSON

- HTTP Request Body

{
  "client_id": "Application Client ID",
  "used_type": "1",
  "ptn_cd": "Application User Code",
  "public_key": "public key (RSA)"
}

- HTTP Response Body

{
  "code": "0000",
  "message": "",
  "result": {
    "enc_partner_key": "Application User Encrypt/Decrypt Key"
  }
}

Example of Encrypt/Decrypt Key generation

The application’s user Encrypt/Decrypt Key above must be RSA-encrypted with the public key that PASSiKEY provides before it is returned.

Below is an example that uses passikey-sdk-rest-client-java, provided by PASSiKEY, for the RSA encryption:

// Create user Encrypt/Decrypt Key (Random Code)
String user_encrypt_key = PassikeyCryptUtil.generateCryptKey();

// Encrypt user 'Encrypt/Decrypt Key'
String enc_partner_key = PassikeyCryptUtil.encryptCryptKey(public_key, user_encrypt_key);

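A Java example of the RSA encryption is as follows:

// Required imports
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.Cipher;

// RSA Encryption
// publicKey: Base64 public_key from the callback request; plainText: the user Encrypt/Decrypt Key
KeyFactory factory = KeyFactory.getInstance("RSA");
byte[] publicKeyBytes = Base64.getDecoder().decode(publicKey);
X509EncodedKeySpec x509Spec = new X509EncodedKeySpec(publicKeyBytes);
PublicKey pk = factory.generatePublic(x509Spec);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, pk);
// Encode with an explicit charset instead of the platform default
byte[] encryptBytes = cipher.doFinal(plainText.getBytes(StandardCharsets.UTF_8));
String enc_partner_key = Base64.getEncoder().encodeToString(encryptBytes);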

Callback to complete user registration

When user registration in the PASSiKEY app is completed, a callback to complete user sign-up is sent to the callback URL registered for the application.

The request/response format of the HTTP communication is as follows:

1. HTTP Request

POST /Application-Callback-URL HTTP/1.1
Host: Application-Server-Domain
Content-type: application/json;charset=utf-8

2. Parameter

| Parameter Name | Type | Description | Required |
| --- | --- | --- | --- |
| client_id | String | Application Client ID | Yes |
| used_type | String | Used Type; “2” for Registration complete | Yes |
| ptn_cd | String | Application User Code | Yes |
| partner_sp | String | Application User Super Passcode (Encrypted) | Yes |
| ubifill | String | Application User Information (Encrypted) | No |

3. Response

| Item | Type | Description |
| --- | --- | --- |
| code | String | “0000” for success |
| message | String | |

  • Sample Request/Response JSON

- HTTP Request Body

{
  "client_id": "Application Client ID",
  "used_type": "2",
  "ptn_cd": "Application user code",
  "partner_sp": "Application User Super Passcode (Encrypted)",
  "ubifill": "Application User Information (Encrypted)"
}

- HTTP Response Body

{
  "code": "0000",
  "message": ""
}

Example of Decrypting user Super Passcode and user information

The partner_sp and ubifill values are encrypted with the user Encrypt/Decrypt Key that the application provides.

Below is an example that uses passikey-sdk-rest-client-java to decrypt these values:

// partner_sp Decryption
String decryptedPartnerSp = PassikeyCryptUtil.decryptPartnerSp(user_encrypt_key, partner_sp);

// ubifill Decryption
PassikeyUserInfo userInfo = PassikeyCryptUtil.decryptUbifill(user_encrypt_key, ubifill);
// userInfo.getEmail();
// userInfo.getFirstname();
// userInfo.getLastname();
// userInfo.getCountryCode();
// userInfo.getCountryName();

Authentication (provided by PASSiKEY)

Access Token generation

A ptn_token (created by the PASSiKEY SDK) is required to obtain an Access Token for PASSiKEY login authentication. For information on issuing a ptn_token, refer to the PASSiKEY SDK (Android, iOS, JavaScript) documentation.

The request/response format of the HTTP communication is as follows:

1. HTTP Request

POST /process/token HTTP/1.1
Host: partner-auth.passikey.com
Content-type: application/json;charset=utf-8

2. Parameter

| Parameter Name | Type | Description | Required |
| --- | --- | --- | --- |
| client_id | String | Application Client ID | Yes |
| secret_key | String | Application Server Secret Key | Yes |
| ptn_token | String | Application Authentication Token | Yes |

3. Response

| Item | Type | Description |
| --- | --- | --- |
| code | String | “0000” for success |
| message | String | |
| result | Object | Response result information |
| acs_token | String | Access token |
| expire_dt | String | Access token expiration date (yyyyMMddHH24miss format) |
| ptn_cd | String | Application user code |

  • Sample Request/Response JSON

- HTTP Request Body

{
  "client_id": "Application Client ID",
  "secret_key": "Application Server Secret Key",
  "ptn_token": "Application Authentication token"
}

- HTTP Response Body

{
  "code": "0000",
  "message": "",
  "result": {
    "acs_token": "Access Token",
    "expire_dt": "Access Token Expiration date (yyyyMMddHH24miss format)",
    "ptn_cd": "Application user code"
  }
}

Example of Access Token generation

Below is an example that uses passikey-sdk-rest-client-java (provided by PASSiKEY) to issue an access token:

try {
  PassikeyClient client = new PassikeyClient();
  client.init(clientID, secretKey);
  PassikeyResponse<AccessTokenRes> response = client.getAccessToken(ptn_token);
  if (!"0000".equals(response.getCode())) {
    // check error message (response.getMessage())
  } else {
    AccessTokenRes result = response.getResponse();
    // check access token
    result.getAccessToken();
    // check application user code
    result.getUserCode();
  }
} catch (PassikeyResponseException e) {
  // e.getHttpStatusCode() : http status code 
} catch (IOException e) {
  // Connection Error
}

User Authentication

User authentication is performed with the access token that was issued in ‘Access Token generation’. The application can also check whether the ptn_sp returned in the authentication response equals the partner_sp that was provided in the registration process.

The request/response format of the HTTP communication is as follows:

1. HTTP Request

POST /process/authenticate HTTP/1.1
Host: partner-auth.passikey.com
Content-type: application/json;charset=utf-8

2. Parameter

| Parameter Name | Type | Description | Required |
| --- | --- | --- | --- |
| client_id | String | Application Client ID | Yes |
| secret_key | String | Application Server Secret Key | Yes |
| acs_token | String | Application Access Token | Yes |

3. Response

| Item | Type | Description |
| --- | --- | --- |
| code | String | “0000” for success |
| message | String | |
| result | Object | Response result information |
| ptn_sp | String | Application user Super Passcode (Encrypted) |

  • Sample Request/Response JSON

- HTTP Request Body

{
  "client_id": "Application Client ID",
  "secret_key": "Application Server Secret Key",
  "acs_token": "Application Access token"
}

- HTTP Response Body

{
  "code": "0000",
  "message": "",
  "result": {
    "ptn_sp": "Application user Super Passcode (Encrypted)"
  }
}

Example for User Authentication

Below is an example that uses passikey-sdk-rest-client-java, provided by PASSiKEY, for user authentication:

try {
  PassikeyClient client = new PassikeyClient();
  client.init(clientID, secretKey);
  PassikeyResponse<AuthRes> response = client.authenticate(acs_token);
  
  if (!"0000".equals(response.getCode())) {
    // check error message (response.getMessage())
  } else {
    AuthRes result = response.getResponse();
    // check Application user Super passcode
    String decryptedPartnerSp = PassikeyCryptUtil.decryptPartnerSp(user_encrypt_key, result.getPartnerSP());
    // check if decryptedPartnerSp equals partner_sp that was registered in application
  }
} catch (PassikeyResponseException e) {
  // e.getHttpStatusCode() : http status code 
} catch (IOException e) {
  // Connection Error
}
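Two checks the snippets above leave as comments are the expire_dt returned with the access token and the comparison of the decrypted ptn_sp against the stored partner_sp. The following is an added example, not part of the PASSiKEY SDK. Assumptions: the class and method names, the reading of "yyyyMMddHH24miss" as 24-hour hours, minutes and seconds, the UTC time zone (the page does not state one), and the constructed sample values in main.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;

public class LoginChecks {
  // java.time pattern for the page's "yyyyMMddHH24miss" (assumed reading: HH24 = hour 0-23, mi = minute).
  static final DateTimeFormatter EXPIRE_DT = DateTimeFormatter.ofPattern("yyyyMMddHHmmss");

  // zone is an assumption: the page does not say which time zone expire_dt is expressed in.
  static boolean tokenStillValid(String expireDt, ZoneId zone, Instant now) {
    if (expireDt == null) return false;
    try {
      return LocalDateTime.parse(expireDt, EXPIRE_DT).atZone(zone).toInstant().isAfter(now);
    } catch (DateTimeParseException e) {
      return false; // an unparsable expiry is treated as expired
    }
  }

  // Compares the decrypted ptn_sp with the partner_sp stored at registration
  // without stopping at the first differing byte.
  static boolean superPasscodeMatches(String decryptedPtnSp, String storedPartnerSp) {
    if (decryptedPtnSp == null || storedPartnerSp == null) return false;
    return MessageDigest.isEqual(decryptedPtnSp.getBytes(StandardCharsets.UTF_8),
                                 storedPartnerSp.getBytes(StandardCharsets.UTF_8));
  }

  public static void main(String[] args) {
    ZoneId zone = ZoneId.of("UTC");                      // assumed zone
    Instant now = Instant.parse("2024-01-31T12:00:00Z"); // constructed clock value
    System.out.println(tokenStillValid("20240131130000", zone, now)); // expiry after "now"
    System.out.println(tokenStillValid("20240131115959", zone, now)); // expiry before "now"
    System.out.println(tokenStillValid("2024-01-31", zone, now));     // wrong format
    System.out.println(superPasscodeMatches("sp-constructed", "sp-constructed"));
    System.out.println(superPasscodeMatches("sp-constructed", "sp-other"));
  }
}
```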

passikey-sdk-rest-client-java Dependency Setting

Libraries for Java development are provided on the PASSiKEY SDK download page.

After downloading the library, add the Maven dependency as follows:

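<dependencies>
  <dependency>
    <groupId>com.rowem.passikey</groupId>
    <artifactId>passikey-sdk-rest-client-java</artifactId>
    <!-- Maven requires a version; placeholder for the version of the downloaded library -->
    <version>library-version</version>
    <scope>system</scope>
    <!-- placeholder for the absolute path to the downloaded JAR -->
    <systemPath>path-to-library</systemPath>
  </dependency>
</dependencies>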