This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Ways to Encrypt Query Param

Posted on 11-05-2018 10:56 AM
jyothikiranr
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi Everyone,

I'm looking for some suggestions to implement shortening/ecryption of query params.

Here is the case.

I have an API proxy that takes a query param and returns a response in JSON format. Based on this response, the end user (not app developer but customer ) gets a discount. I don't want to expose this query param in its original format (its a 11 digit number) to end user.

Here are few assumptions

1. I can run a function on all promo codes to shorten them and send promos to end users- not sure whats the best way to shorten them

2. I cannot add the shortened codes to my backend server - This is a lot of work, and I dont really want to add new data for a promotion.

3. So ideally, shortened codes are entered in the front end app by the end user, Apigee should decode it and get the right data from backend from its corresponding promo code.

Please let me know your thoughts.

Thanks

Solved Solved
0 3 2,364
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @Jyothi K Reddy, At the marketing level, you may use Javascript CryptoJS library for encrypting the promo codes.

At Apigee level use Javascript policy to decrypt the values coming in query parameter and send it to the backend server to identify the discounts.

Have a look at this example to encrypt data using JS policy,

https://community.apigee.com/articles/38046/des-encryption-javascript-policy-using-cryptojs.html

View solution in original post

Jump to Solution
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @Jyothi K Reddy, I think encrypting the API Keys should be ideally done on the front-end-app.

Does your questions have two parts? apikey encryption & promocodes?

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
jyothikiranr
Bronze 1
Bronze 1
In response to sidd-harth
Reply posted on --/--/---- --:-- AM

@Siddharth Barahalikar Thanks for your reply. API key is being passed as a header when the request comes into Apigee. Im more interested in the query param that is needed to fetch data. This query param is required to identify the discount. Although id like to encrpt/shorten it somehow.

For example,

here is my call. https://xxx.apigee.net/v1/path/to/resource?promo=12345678

that promo will be sent in an email to all subscribers.

My problem is I want to shorten/encrpt that promo -- at marketing level -- send encrypted / shortened promo to customers.

When a customer enters the promo code on the front end,

take the request -- Decrypt / unshorten it al Apigee level -- extract original promo code -- send data back.

Thanks for your help!

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
sidd-harth
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hi @Jyothi K Reddy, At the marketing level, you may use Javascript CryptoJS library for encrypting the promo codes.

At Apigee level use Javascript policy to decrypt the values coming in query parameter and send it to the backend server to identify the discounts.

Have a look at this example to encrypt data using JS policy,

https://community.apigee.com/articles/38046/des-encryption-javascript-policy-using-cryptojs.html

Jump to Solution
0 Likes