We want to use message level encryption on apiKey when sending the information to target servers. While sending the apiKey over to target servers we want to encrypt (with hmac) and send it to them. In order to achieve this, we tried via CryptoJS but it failed. Can you please let us know the best easy way to achieve this?
@Madhumita Kumari, found a related article here, hope it's helpful.
- On your development workstation, get the crypto-js.js file
bower install crypto-js
after the above command, you will find it here:
bower_components/crypto-js/crypto-js.js
- Import the script to Apigee via the UI (Add Script → Import from File). Then, in your Javascript policy, reference crypto-js like this:
<IncludeURL>jsc://crypto-js.js</IncludeURL>
<ResourceURL>jsc://encrypt-apikey.js</ResourceURL>
- In your encrypt-apikey.js script, you can encrypt the key like this
var encrypted_apikey = CryptoJS.HmacSHA1(apikey, "encrypt-key").toString()
context.setVariable('encrypted_apikey',encrypted_apikey)
Thanks,
do you know why it failed? did you get any errors?
Should I install the "bower install crypto-js" in router+message processor node or in management console node? The import of crypto-js.js into apigee can be done via the management console develop segment as Add script → Import from file, right? Also which option do you suggest in general, "Java Callout vs Javascript"? What are the pros and cons of using either of these approaches?
"bower install crypto-js" is just to get the crypto-js.js file, you can run this on your laptop/local machine - java vs js - personally i prefer js - no need for compilation, easy to test in js console
Have included the crypto-js.js in the jsc. Here is what the encrypt-apikey.js contains. For some reason the js is failing and apiKey is not getting updated. Actually the first two lines are causing the error and it is not proceeding further…
try {
  //require("CryptoJS");
  var encrypted_apikey = CryptoJS.HmacSHA1(xyz.apikey, "encrypt-key").toString();
  context.setVariable('encrypted_apikey', encrypted_apikey);
  var jsonPayLoad = context.targetRequest.body.asJSON;
  if (typeof jsonPayLoad != "undefined" && jsonPayLoad != null) {
    jsonPayLoad.apiKey = encrypted_apikey;
    context.targetRequest.body = JSON.stringify(jsonPayLoad);
  }
}
catch(err){}
According to this answer in StackOverflow, it seems that you also need to include sha1-min.js file in the JS Policy.
http://stackoverflow.com/questions/4337959/need-hmac-sha1-library-for-javascript
what's the error you are getting? can you "throw err" in your catch block?
what is this - "xyz.apikey"? are you sure this is initialized and has the right value?
have you attached this policy at the target flow?
instead of this,
var jsonPayLoad = context.targetRequest.body.asJSON;
if (typeof jsonPayLoad != "undefined" && jsonPayLoad != null) {
  jsonPayLoad.apiKey = encrypted_apikey;
  context.targetRequest.body = JSON.stringify(jsonPayLoad);
}
I would also try, [this would work irrespective of proxy/target]
// request.content holds the request body as a string in either flow
var jsonPayload = JSON.parse(context.getVariable('request.content'));
jsonPayload.apiKey = encrypted_apikey;
context.setVariable('request.content', JSON.stringify(jsonPayload));
Thanks
if bower is used, it combines all the code in crypto-js.js so other files are not needed @Diego Zuluaga
Got it. Thanks!
The variable xyz.apikey was not resolved. Have added the variable via context.getVariable and it worked. Also I'm able to use CryptoJS.AES.encrypt / decrypt which is what we needed. Thanks everyone, esp. Mukundha.
"throw err" - This helped me nail down where the issue is.
cool! you are welcome
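The fix the thread arrived at, as an added example that is not part of the original posts: the flow variable is read through context.getVariable, an unresolved variable raises an error instead of being swallowed by an empty catch, and the digest is written back through request.content. Assumptions: Node's built-in crypto stands in for CryptoJS.HmacSHA1 so the script runs offline, makeContext is a hypothetical stub of the Apigee context object, and the sample key and payload are constructed.

```javascript
// Added example: runs under Node.js, outside Apigee.
const nodeCrypto = require('crypto');

// Hypothetical stub of the Apigee `context` object, backed by a plain object.
function makeContext(vars) {
  return {
    getVariable: (name) => (name in vars ? vars[name] : null),
    setVariable: (name, value) => { vars[name] = value; },
  };
}

// Keyed digest as lowercase hex, the same form CryptoJS.HmacSHA1(message, key).toString() returns.
// HMAC is one-way: the target server cannot recover the apiKey from it, only recompute and compare.
function hmacSha1Hex(message, key) {
  return nodeCrypto.createHmac('sha1', key).update(message, 'utf8').digest('hex');
}

// Body of encrypt-apikey.js with the two fixes from the thread applied.
function encryptApiKey(context, hmacKey) {
  // Fix 1: resolve the flow variable explicitly; a bare xyz.apikey is a ReferenceError.
  const apikey = context.getVariable('xyz.apikey');
  if (apikey === null || apikey === undefined || apikey === '') {
    // Fix 2: fail loudly so the policy error shows where the problem is.
    throw new Error('flow variable xyz.apikey is not set');
  }
  const encrypted = hmacSha1Hex(String(apikey), hmacKey);
  context.setVariable('encrypted_apikey', encrypted);

  // request.content works in both proxy and target flows.
  const payload = JSON.parse(context.getVariable('request.content'));
  payload.apiKey = encrypted;
  context.setVariable('request.content', JSON.stringify(payload));
  return encrypted;
}

// Constructed sample request; the apikey and HMAC key values are made up.
const sample = makeContext({
  'xyz.apikey': 'demo-api-key',
  'request.content': JSON.stringify({ apiKey: 'demo-api-key', item: 42 }),
});
const digest = encryptApiKey(sample, 'encrypt-key');
console.log(digest, sample.getVariable('request.content'));
```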