Skip to main content

Arango Adapter Encrypted API's

Overview

We have created this encrypted APIs for the security purpose because if we invoke the Adapter API and send the payload without any encryption it may get this details by any third person. To avoid this we created this APIs.

We implemented two encryption methods in this API's

  1. MD5 encryption method
  2. AES256 encryption method

List of APIs

API NameAPI URL
Upsert documenthttps://arangodbservice.dev.ainqaplatform.in/api/v1/upsert_document
Read documenthttps://arangodbservice.dev.ainqaplatform.in/api/v1/read_documents
Soft Delete documenthttps://arangodbservice.dev.ainqaplatform.in/api/v1/soft_delete

Upsert Document

This API used to perform Insert/Update operations in the ArangoDB and we follows two types of encryption methods in the API.

In each API, we have to send headers, body payload.

In Request header, we need to send the MD5 encrypted hash string secret key.

In Request Body, we need to send the AES encrypted string.

Create Secret Key

The Secret key was a MD5 encrpted string. we need to pass secret key in the API Request header.

The Secret key was a combination of actual payload plus api key.

The API key is 95ce3c3a-1c21-47a2-b08a-19e1f832ce58

Example for to build secret key

Sample payload with api key

[ { "db_name": "ArangoDBTests", "entity": "users", "is_metadata": true, "metadataId": "961133f7-45cc-4a90-ab34-2d39e14fc928", "metadata_dbname": "ATP_Metadata_Dev", "doc": { "name": "rk", "age": "20", "phoneNo": "98898989", "address": "sample" } }, { "apikey": "95ce3c3a-1c21-47a2-b08a-19e1f832ce58" } ]

Convert the above payload to MD5 hash string and send it in API Request header

MD5 hash string - 146ab8f3c57a18bd4ceede56bcf15e87

Create Encrypted Request Body Payload

Sample payload with api key

[ { "db_name": "ArangoDBTests", "entity": "users", "is_metadata": true, "metadataId": "961133f7-45cc-4a90-ab34-2d39e14fc928", "metadata_dbname": "ATP_Metadata_Dev", "doc": { "name": "rk", "age": "20", "phoneNo": "98898989", "address": "sample" } } ]

Convert the above payload to AES encrypted string and send it in API Request body payload.

AES encrypted string - U2FsdGVkX19q2UMCyUN7J1gjt54SreGg/r1DEBIRytDyolQohO0uPrtdjvGskcSiGYTRE4kI9CUjBR+P9H+NHhB5IUMK+5Vd5hwc5noXMLhSWFIWm5gEsBBgFXySgwqsa2xUoVa8dJqhNVwcmhIIXqxZ6BqfTWMaGJGLayc6nPhh1S0pKDMYch93C9BvUKBg7AeSFpaSD5VT/q3wAqVSXJztavFSBVpUQeZyAWBaeOaPIHWhj7/rdWnzUzMpL7K/N8AqAAk6en0IQ2+L5QSSKAlaeUZxQ5JXQqRNalB6YnTuutHGYzPpGJhVeyXda7Zopgjtk/MiKuyeKAFUgTuWyw==

Sample Request Body payload:

{ 

"params":"U2FsdGVkX19q2UMCyUN7J1gjt54SreGg/r1DEBIRytDyolQohO0uPrtdjvGskcSiGYTRE4kI9CUjBR+P9H+NHhB5IUMK+5Vd5hwc5noXMLhSWFIWm5gEsBBgFXySgwqsa2xUoVa8dJqhNVwcmhIIXqxZ6BqfTWMaGJGLayc6nPhh1S0pKDMYch93C9BvUKBg7AeSFpaSD5VT/q3wAqVSXJztavFSBVpUQeZyAWBaeOaPIHWhj7/rdWnzUzMpL7K/N8AqAAk6en0IQ2+L5QSSKAlaeUZxQ5JXQqRNalB6YnTuutHGYzPpGJhVeyXda7Zopgjtk/MiKuyeKAFUgTuWyw=="

}

Sample Request Header

Also send the secret key in the request header section

Secret : abc1b067288b696c46c43570d036036e

sample Response Body Payload

{ 

"params": "U2FsdGVkX18qWntHxLv2KBcAzGvfmC5JPNwRL37HQeLD0lkTu5gDunOG5dTdGK2HHQubuYSbnF7tHMPlUGJYom2yH/9JZ6YtXlZrycFK4FV1oSAOYV8RRaws7R7j2zPTTzGh4Ndb+kBdNmkX1Epz+zXJhHhnVSpGG8N375653/ZAkavUg9riymuBCsAC1rF+CjdJSwTr9eI8ZYcjw/mgv5eint2wr8NI04wOwDiXWHS2zLash1czdJr1pEEi0qShkabfOIfJwI7cXRfUEXovO8A3QJqlbqGNA4GnUIGQMnefX5zuOPomjNDveIiliJ4j+gPId+uZm134O6JJcGOIL1kBg9BkeDvvDyJB6IZhAg7msEeNibQ17rqcxgmbCykd96abb52qwLOkYoR+KzYc8IYZs42xpvLJ6lddNX+BRYmzdxcaR72PMiqcGjmlwdsk1v05XyESoENqotwmWjB06w=="

}

sample Response Header

Secret: f5c2ef1d20f545ee382acc9ff16e6908

Validate Response Header and Response Body

In the API response we can get secret key in response header and API actual response in AES256 encrypted format string.

In UI side first check the secret key and then decode the request body response string.

Read Document

This API used to perform read operations in the ArangoDB and we follows two types of encryption methods in the API.

In each API, we have to send headers, body payload.

In Request header, we need to send the MD5 encrypted hash string secret key.

In Request Body, we need to send the AES encrypted string.

Create Secret Key

The Secret key was a MD5 encrpted string. we need to pass secret key in the API Request header.

The Secret key was a combination of actual payload plus api key.

The API key is 95ce3c3a-1c21-47a2-b08a-19e1f832ce58

Example for to build secret key

Sample payload with api key

{ "db_name": "ArangoDBTests", "entity": "users", "return_fields": "users", "apikey": "95ce3c3a-1c21-47a2-b08a-19e1f832ce58" }

Convert the above payload to MD5 hash string and send it in API Request header

MD5 hash string - a0c391a14f51a653e6048ccd1853cd4c

Create Encrypted Request Body Payload

Sample payload

{ "db_name": "ArangoDBTests", "entity": "users", "return_fields": "users" }

Convert the above payload to AES encrypted string and send it in API Request body payload.

AES encrypted string - U2FsdGVkX1+y+7ThlyMgO0i0r7vxYsgp2E+YGXJgVlnIR3rfm35H1vfn2r9dZ4xIpdDrOw9dlRFolo4g3WkvBPaZLRehcXGr9lNEs/eSHKqpBUkJ4mV2X+Nu3OWqeOY3

Sample Request Body payload:

{ "params":"U2FsdGVkX1+y+7ThlyMgO0i0r7vxYsgp2E+YGXJgVlnIR3rfm35H1vfn2r9dZ4xIpdDrOw9dlRFolo4g3WkvBPaZLRehcXGr9lNEs/eSHKqpBUkJ4mV2X+Nu3OWqeOY3" }

Sample Request Header

Also send the secret key in the request header section

Secret : a0c391a14f51a653e6048ccd1853cd4c

sample Response Body Payload

{ "params": "U2FsdGVkX198pr66ei8y50EDyTZD1f4/NzZbC0BzGeeZMzWVd4MIAPuTH/EQN5Q+w2kq2Q3kcMoSyFBWOhUWfrwK/PmaknrzzCpek29HZe0qYgm9WjKos00rzsVWF0h91Nl0ZZ99oa5y+rUEraRThy1oDoTyEw63Mno1hIBGVd/aiEQ6evQQdIZSX/Aw0iV1wIja9wBk/sgBexbRed+e3nP0NOA/8JzvhAbKOFblcyjroNXmYweWl5kwRL3T2+1dYLUlc//m0Q8pQM+oXpD2YY+/vyFIHGo7N/2y+K4lBcdafjPt/5Ws7GTTzb2oL5DOhzbmvsPFXSGg8jLjTObsgpcC4SB0DcGNgTY4Y7qJ0avb0O8UujhVWHSgPJGTOzk7mkzJbCn3ywWC3/Lki2bCjCKHVSl/JqiHs7/a7yyvdXo=" }

sample Response Header

Secret: ef8555bac222964335c3b5a72c254574

Validate Response Header and Response Body

In the API response we can get secret key in response header and API actual response in AES256 encrypted format string.

In UI side first check the secret key and then decode the request body response string.

If the secret key doesn't match it will return error response

Soft Delete

This API used to perform delete operations in the ArangoDB and we follows two types of encryption methods in the API.

In each API, we have to send headers, body payload.

In Request header, we need to send the MD5 encrypted hash string secret key.

In Request Body, we need to send the AES encrypted string.

Create Secret Key

The Secret key was a MD5 encrpted string. we need to pass secret key in the API Request header.

The Secret key was a combination of actual payload plus api key.

The API key is 95ce3c3a-1c21-47a2-b08a-19e1f832ce58

Example for to build secret key

Sample payload with api key

{ "db_name": "ArangoDBTests", "entity": "users", "filter": "users._key=='10000'", "metadata_dbname": "ATP_Metadata_Dev", "apikey": "95ce3c3a-1c21-47a2-b08a-19e1f832ce58" }

Convert the above payload to MD5 hash string and send it in API Request header

MD5 hash string - 832eabbc3f9e7763ee928c9aad7dee48

Create Encrypted Request Body Payload

Sample payload

{ "db_name": "ArangoDBTests", "entity": "users", "filter": "users._key=='10000'", "metadata_dbname": "ATP_Metadata_Dev" }

Convert the above payload to AES encrypted string and send it in API Request body payload.

AES encrypted string - U2FsdGVkX18BH3eRATIkRrwDbY3/s3yEkg0wf8r+IFmu7dBinhE0TIRFo+8tmYPvQfKAhozL1Lp+tOrtcj80sQh+MIuySMhk6xO23yyT8u3sPTKeghj4eOgJgMqX8nbmzaXAcxdolAuudTcu0KM+AwGiNmbg2mRCM6b/m23WMYiec4cWofM8fFCie87aPSQR

Sample Request Body payload:

{ "params":"U2FsdGVkX18BH3eRATIkRrwDbY3/s3yEkg0wf8r+IFmu7dBinhE0TIRFo+8tmYPvQfKAhozL1Lp+tOrtcj80sQh+MIuySMhk6xO23yyT8u3sPTKeghj4eOgJgMqX8nbmzaXAcxdolAuudTcu0KM+AwGiNmbg2mRCM6b/m23WMYiec4cWofM8fFCie87aPSQR" }

Sample Request Header

Also send the secret key in the request header section

Secret : 832eabbc3f9e7763ee928c9aad7dee48

sample Response Body Payload

{ "params": "U2FsdGVkX1+GPJK2q8furh5FG+t6+gp/3u3igOR3GYhT4UEUcUKFsdJ9SPEtCCxN/ckne8TtTj5b++JbPMg1KMozdsrJACMb9GaoR2IfLHyTNdtGnIijLwGWMMDjI3DF0wiE/+lfnTN1IZPdaqyBDhA+Y+2rCPJnCfTUrxdeYwRj2QJaeaIzUrREGwLH+dXOoRy6Cy8P/ygaJSYXgImCbSBZLVuTEjFFn2ApuCmwpzeOUvmbFSQF2gZz09lrEupGfkBUacqAmXSiiH5t/TNTpsmLEcxoC+K2g48C+lhRwc1bS0vPCLyMobBCNVNtqAYg97agDn5yLX3KyQlVGLVDAc6kg9E+L1yNyxakxvaR9cYgaJGqb9DJ53SifaP/Mtnx" }

sample Response Header

Secret: 1ecac6e3b4c296c7cbdc476ecb040e02

Validate Response Header and Response Body

In the API response we can get secret key in response header and API actual response in AES256 encrypted format string.

In UI side first check the secret key and then decode the request body response string.

If the secret key doesn't match it will return error response