Bank Payment Integration with BC 365

devanshu_chaudharydevanshu_chaudhary Member Posts: 3
edited 2022-06-28 in General Chat
Hello Guyz I have a task on Business Central 365 in which I have to do Integration with ICICI Bank for Payments.
I am new for Integration, please help with Coding part in VS Code to do this encryption. Thanks In Advance(Please do reply if anybody has any idea)

This is the Technical Information:

Encryption is done at JSON field value level so
that final encrypted structure will remain as JSON.
For example: Plain text requests may look as below,
{
"APIReqTranID": "ICICI070120300",
"BankTransactionID": 159120269,
"Comment": ""
}
Respective Encrypted request will be looking like below,
{
"APIReqTranID":"8XA8AEU1Yitro1FiCSUR40NLwHtVv3PULJ3RvQ4PYqY=",
"BankTransactionID":"1W66CsouP8BBdroHse1Kj7kRo+sj5K6CUKhSv/7Mm6s=",
"Comment":""
}
If you observe, only field values are encrypted. Empty fields can be ignored. Date/Boolean or any non-string
values when encrypted will become string data type values only.
Key that is used to encrypt above will be again encrypted and sent to ICICI in the HTTP Header as X-Session-Key.
Steps to call encrypted APIs are as below

Creating Session Key
Each request will have a dynamic session key created at run time with below settings
Key Type AES 256
Key Size 32 bytes / 256 bits
Block Size 16 bytes / 128 bits
Cipher Mode CBC
Padding PKCS7(IV First 16 bytes should be the IV in the final encrypted data (static
IV is optional)

✓ Encrypting Data
o Only JSON field values are to be encrypted and not the field labels
o Generate the dynamic session KEY using above settings
o Use AES-256-CBC encrypt algorithm to encrypt the data (Static IV is optional)
o Prepend 16 bytes IV to the encrypted bytes (if static IV was used)
o Base-64 encode the above final value ( IV + Encrypted-data)

✓ Encrypting Session Key
o Obtain ICICIs public certificate (copy is given here)
▪ Non-Production ::
icici.corporate-bank
.nonprod.pem-sscert.cer
Click Here
▪ Production ::
ixpressdp.icicibank.
com.cer
Click Here

o Encrypt the 32-bytes session key using above certificate (note: encryption to be done on byte
array, NOT the base-64 encoded key)
o Encrypting key will use RSA 1.5 key transport algorithm for encryption
✓ Sending Request
o Use the encrypted JSON structure as HTTP body
o Set the base-64 encoded/encrypted session key as X-Session-Key in the HTTP header.

Plain text request Encrypted Request
{
"APIReqTranID": "ICICI070120300",
"BankTransactionID": 159120269,
"Comment": ""
}
{
"APIReqTranID":"8XA8AEU1Yitro1FiCSUR40NLwHtVv3PULJ3RvQ4PYqY=",
"BankTransactionID":"1W66CsouP8BBdroHse1Kj7kRo+sj5K6CUKhSv/7Mm6s=",
"Comment":""
}
Header Header Value
X-Session-Key r5sQ9dxOmBixUhQEuGEFmka8ku0/ZRpHKUyBKgZjsUkddhup4vpcLVh+1…

Response will also be encrypted with same session-key that was sent on request. Hence use the key generated
during request encryption to decrypt the response also.

Note: Certain error responses can not be encrypted, especially if the session-key itself was invalid.
To call IXC APIs, import IXC server certificate in your application server’s trust store and use TLS 1.2 for the
HTTPS connection option and use APIs URI

Comments

This discussion has been closed.