Knowledge Center

Knowledge Center > API > REST API > REST API Reference > RSA Signatures > Decrypt

Decrypt

The REST API used in Payment Pages 2.0 are CORS (Cross-Origin Resource Sharing) enabled and therefore requires a digital signature. You use rsa_signatures to generate the required digital signature and token for a Payment Pages 2.0 form, and then you use the decrypt REST service to decrypt the signature to validate the signature and key.

This REST service should be used only when you implement Payment Pages 2.0. 

Request

  • Production: POST https://api.zuora.com/rest/v1/rsa-signatures/decrypt
  • API Sandbox: POST https://apisandbox-api.zuora.com/rest/v1/rsa-signatures/decrypt

Request Parameter

publicKey Required The public key generated by Zuora.
method Required The type of the request. Set it to POST.
signature Required The signature generated by Zuora.

Response

The following information is returned in a response:

publicKey The public key passed in as a request parameter.
signature The signature passed in as a request parameter.
decryptedSignature

The string of a list of the following items: Payment Pages 2.0 URL, tenant ID, timestamp,
the Payment Page ID

The items are separated by '#', e.g., "/apps/publichostedpagelite.do#12271#rvBp1AxBJwk6FrT7aqFuABIINiRbwJCc
#1418848373103#2c92c0f948f899
"

success True if the request is successful.

Examples

Here is a sample code in Java that descrypts the digital signature for Payment Pages 2.0:

package com.zuora.rest.signature;

import java.util.Map;

import com.rsa.certj.provider.pki.URLDecoder;
import com.zuora.rest.client.RestClient;
import com.zuora.rest.meta.signatures.POSTSignatureMeta;
import com.zuora.util.MapUtil;
import com.zuora.rsa.security.decrypt.SignatureDecrypter;

public class SignatureTest {

    private static final String rest_uri = "/v1/rsa-signatures/decrypt";
     
    public static void main(String[] args) throws Exception {
         
        RestClient.login("superadmin@myCompany.com", "myPassword");
                 
        // Post request params
        Map<String, String> postSignatureReq = MapUtil.of(
                "publicKey", myPublicKey,
                "method", "POST",
                "signature", mySignature
                );
        Map result = RestClient.post(rest_uri, postSignatureReq, Map.class);
        
        StringTokenizer st = new StringTokenizer(result,"#");
        String url = st.nextToken();
        String tenanId = st.nextToken();
        String token = st.nextToken();
        String timestamp = st.nextToken();
        String pageId = st.nextToken();
        
        System.out.printf("url: %s\n token: %s\n tenantId: %s\n timestamp: %s pageId: %s\n", 
           url, token, tenantId, timestamp, pageId);
         
        RestClient.logout();
    }
}

Here is a sample code in Python that decrypts the digital signature generated for Payment Pages 2.0:

import requests
import json
import ZuoraSSL

rest_url = ‘https://api.zuora.com/rest/v1/rsa-signatures/decrypt’

data = {"publicKey": my_publicKey, "method": "POST", "signature": my_hosted_signature}
headers = {'content-type': 'application/json'}

response = requests.post(rest_url, data=json.dumps(data), auth=(my_username, my_password), headers=headers)
decrypted = response.json()

print(decrypted)

 

 

Last modified
10:25, 11 Aug 2016

Tags

Classifications

(not set)