Mini App - Web token
Purpose of the document
This document defines the data exchange rules of the Socialpay 3.0 system, which is being newly developed by Golomt Bank.
General request information
Requests are sent over HTTP as REST calls using the POST method. The request body is JSON prepared according to the SPEC in the Request Body section.
Protocol | HTTP |
---|---|
Method | POST |
URL (main environment) | https://sp-api.golomtbank.com/api |
Request Headers | |
Content-Type | Application/json |
X-Golomt-Cert-Id | A fixed value issued to the third-party system |
X-Golomt-Signature | The request (JSON request) hashed with SHA256, encrypted with RSA and Base64-encoded, as described under "How to create a Signature" |
Response Headers | |
Content-Type | Application/json |
System security
Key for third-party systems
X-Golomt-Cert-Id: test_cert_id
Public key: MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ7rnZH30unXZbTNHNX7wjfECxWyaABX88F5cjSqnA5Soo6Uwu72ufzjEzAtoPk8sE9tnfi/74dyZa0PEK4mT7KK+Yy73acKNv0zKVYnFZMBWxH75ezEv6+4YllUHZ+AIjUN6d2Si/AJrvYmeFayykbXpFEN5+GycBp35cGxGYyQIDAQAB
How to create a Signature (X-Golomt-Signature).
A request prepared according to the instructions (the JSON request) is hashed using the SHA256 algorithm and written as a hexadecimal string. The length of the generated text is 64 bytes.
The generated 64-byte text is then encrypted with RSA (Mode = ECB; Padding = PKCS1Padding; Output text format = Base64) using the given key. The output is the value of the X-Golomt-Signature HTTP header.
Call the enterprise web with additional user tokens
Call the organization web containing the token
An additional one-time token is generated when the user selects a menu in the app, and the organization's web page is called with that token.
The service provider then uses the additional token to retrieve the user's information from the bank and provide the service.
Retrieving user data with an additional token
URI: /utility/miniapp/token/check?language=mn
Description: Retrieving user data with additional tokens.
Request type: POST
HEADER:
Field name | Value |
---|---|
X-Golomt-Cert-Id | <<CERT_ID>> |
X-Golomt-Signature | <<ENCRYPTED_REQUEST>> |
Description of the Request
Field name | Value | Explanation | Mandatory |
---|---|---|---|
token | 123456789abcdefg | Additional token | Yes |
Description of the Response
Field name | Value | Explanation |
---|---|---|
individualId | 12121212 | Individual ID |
registerNumber | БӨ95020321 | Register Number |
lastName | Бат | Lastname |
firstName | Дорж | Firstname |
account | 2015115673 | Account number |
mobileNumber | 99999999 | Mobile number |
bat@gmail.com | ||
imgUrl | https://sp-uat.golomtbank.com:8443/api/utility/image/100603-093882492803.jpg | Profile picture of Socialpay |
Example code in the Java programming language:
package mn.golomt.payment.util;

import org.apache.commons.codec.digest.DigestUtils;

import javax.crypto.Cipher;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

import static java.nio.charset.StandardCharsets.UTF_8;

public class RSAEncrypt {

    // Builds the X-Golomt-Signature value: SHA-256 hex of the request,
    // RSA-encrypted with the given Base64 (X.509) public key, Base64 output.
    // Returns null if the key cannot be parsed or encryption fails.
    public static String encrypt(String data, String publicKey) {
        try {
            // get public key
            X509EncodedKeySpec keySpecPublic = new X509EncodedKeySpec(Base64.getDecoder().decode(publicKey));
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PublicKey pubKey = keyFactory.generatePublic(keySpecPublic);
            // encrypt the 64 hex characters of the SHA-256 digest
            byte[] hex = getHex(data).getBytes(UTF_8);
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.ENCRYPT_MODE, pubKey);
            byte[] encryptedBytes = cipher.doFinal(hex);
            return Base64.getEncoder().encodeToString(encryptedBytes);
        } catch (Exception ex) {
            ex.printStackTrace();
        }
        return null;
    }

    // Reverses encrypt(): returns the SHA-256 hex string carried in the
    // Base64 cipher text, using the Base64 (PKCS#8) private key.
    // Returns null if the key cannot be parsed or decryption fails.
    public static String decrypt(String cipherText, String privateKey) {
        try {
            // get private key
            PKCS8EncodedKeySpec keySpecPrivate = new PKCS8EncodedKeySpec(Base64.getDecoder().decode(privateKey));
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PrivateKey pKey = keyFactory.generatePrivate(keySpecPrivate);
            byte[] encryptedBytes = Base64.getDecoder().decode(cipherText);
            // decrypt
            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
            cipher.init(Cipher.DECRYPT_MODE, pKey);
            byte[] decryptedMessage = cipher.doFinal(encryptedBytes);
            return new String(decryptedMessage, UTF_8);
        } catch (Exception ex) {
            ex.printStackTrace();
            return null;
        }
    }

    // SHA-256 digest of the request as a 64-character lowercase hex string.
    public static String getHex(String data) {
        return DigestUtils.sha256Hex(data);
    }
}
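The token-check call described above, assembled end to end with only the JDK (Java 11+); this is an added example, not Golomt Bank's code. It assumes the body is a flat JSON object holding the `token` field and that the URI is appended to the base URL; the class and method names are hypothetical. The request is built and printed, not sent.

```java
import javax.crypto.Cipher;
import java.net.URI;
import java.net.http.HttpRequest;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.UTF_8;

public class TokenCheckRequest {
    // Values from this page: base URL, token-check URI, test cert id, test public key.
    static final String BASE_URL = "https://sp-api.golomtbank.com/api";
    static final String URI_PATH = "/utility/miniapp/token/check?language=mn"; // assumed to be appended to BASE_URL
    static final String CERT_ID = "test_cert_id";
    static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJ7rnZH30unXZbTNHNX7wjfECxWyaABX88F5cjSqnA5Soo6Uwu72ufzjEzAtoPk8sE9tnfi/74dyZa0PEK4mT7KK+Yy73acKNv0zKVYnFZMBWxH75ezEv6+4YllUHZ+AIjUN6d2Si/AJrvYmeFayykbXpFEN5+GycBp35cGxGYyQIDAQAB";

    // SHA-256 of the body as 64 lowercase hex characters.
    static String sha256Hex(String body) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(body.getBytes(UTF_8));
        StringBuilder sb = new StringBuilder(64);
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // RSA/ECB/PKCS1Padding over the 64 hex bytes, Base64 output (the header value).
    static String sign(String body) throws Exception {
        var key = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(PUBLIC_KEY)));
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return Base64.getEncoder().encodeToString(cipher.doFinal(sha256Hex(body).getBytes(UTF_8)));
    }

    // The same body string is hashed for the header and sent as the payload.
    static HttpRequest build(String body) throws Exception {
        return HttpRequest.newBuilder(URI.create(BASE_URL + URI_PATH))
                .header("Content-Type", "application/json")
                .header("X-Golomt-Cert-Id", CERT_ID)
                .header("X-Golomt-Signature", sign(body))
                .POST(HttpRequest.BodyPublishers.ofString(body, UTF_8))
                .build();
    }

    public static void main(String[] args) throws Exception {
        String body = "{\"token\":\"123456789abcdefg\"}"; // sample token from the request table
        HttpRequest request = build(body);
        System.out.println(request.method() + " " + request.uri());
        request.headers().map().forEach((k, v) -> System.out.println(k + ": " + v.get(0)));
    }
}
```

Compute the header over the exact string that goes on the wire, since re-serializing the JSON after hashing changes the digest. PKCS#1 v1.5 encryption padding is random, so the header value differs on every run for the same body.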