Scribd
Upload
92 views

Collect API

The Collect Pay API is used to initiate a collect request to a payer's virtual payment address (VPA). It requires parameters like the merchant ID, submerchant ID, terminal ID, payer's VPA, transaction amount, and a unique merchant transaction ID. The API will return a response indicating if the transaction was initiated successfully. It will also send a collect request to the payer's mobile app. Once the payer accepts or rejects the request, the API will send a callback notification with the transaction status to the merchant's callback URL.

Uploaded by

Oceans123
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
92 views

Collect API

The Collect Pay API is used to initiate a collect request to a payer's virtual payment address (VPA). It requires parameters like the merchant ID, submerchant ID, terminal ID, payer's VPA, transaction amount, and a unique merchant transaction ID. The API will return a response indicating if the transaction was initiated successfully. It will also send a collect request to the payer's mobile app. Once the payer accepts or rejects the request, the API will send a callback notification with the transaction status to the merchant's callback URL.

Uploaded by

Oceans123
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 20

API Documentation –

Collect Pay API


Contents
Introduction ......................................................................................................................................................... 3
API Details ........................................................................................................................................................... 4
1. API Name: Collect Pay ............................................................................................................................... 5
2. API Name: Callback.................................................................................................................................... 8
3. API Name: Transaction Status ................................................................................................................. 9
4. API Name: Callback Status ..................................................................................................................... 11
5. API Name: Refund API ............................................................................................................................ 13
6. Error Codes ................................................................................................................................................ 15
Security .............................................................................................................................................................. 18
Encryption & Decryption Process ................................................................................................................. 19
Introduction:
UPI is a set of APIs created by NPCI to facilitate online immediate payments. UPI is expected to
further propel easy instant payments via mobile. The payments can be both sender (payer) and
receiver (payee) initiated and can be carried out using virtual payment addresses, Aadhaar
integration, mobile number etc. The payer’s smartphone could be used for secure credential
capture.

Merchant on-boarding:

Merchant needs to provide the following information for onboarding of UAT and production
environment:

Technical list:
 IP address (For dynamic IPs please provide range of IP addresses)
 Merchant call-back URL to post final transaction status from ICICI’s end
 Merchant certificate with 4096 bits public key (.pem or .cer format) for encryption
 Merchant SSL certificate for sending call back response on call back url

Once the merchant provides all the above mentioned technical list, Bank will do the necessary
configuration at their end and provide Merchant ID (MID) which shall be configured against the
Virtual Payment Address (VPA). Once these details are received at merchant’s end, they can start
the API testing.

Bank will also provide ICICI bank’s public key certificate for encryption to be done at merchant’s
end. Merchant will need to make encrypted request call using ICICI Bank’s public key certificate to
selected APIs from their Application Server and ICICI Bank will post encrypted response packet
using merchant’s public key certificate. Merchant is required to decrypt the response packet
received at their end with the corresponding private key.

General Flow:

1. Merchant will send Collect Pay request on collect pay API. Merchant will send customer’s
VPA and other transaction details.
2. On receiving request in correct format, ICICI bank will send collect pay response as
‘transaction initiated successfully’.
3. At the same time UPI request will be sent to customer’s PSP (based on his VPA) mobile
app. (E.g. xyz@icici VPA request on iMobile App and for other banks VPA i.e. xyz@axisbank,
on their respective mobile app)
4. Once Customer ‘accepts’ or ‘rejects’ the request from his mobile app, ICICI bank will send
‘Callback’ response to merchant stating ‘Success’ or ‘Reject’ on the callback URL.
5. When customer ‘accepts’ the request from his mobile, transaction will be completed and
amount will be credited to merchant’s account.
6. At any given time, merchant can check the status of transaction by calling Transaction status
API.
API Details:
The specific name of each APIs are mentioned in the below sections. The customer parameters
to be passed are specific to each API.

Below is the format for sending details.

First the parameters and their values will be entered in JSON Object. Then the whole JSON object
will be encrypted and then encoded. Finally, the whole request will be passed through URL.

It will be a POST request

[GatewayURL(Base64Encode(RSA_Encrypt(JSON_Object{Field_Elements(field1,field2,…)})))]

The JSON Request Object is mentioned below where complete payload is encrypted using the
public key provided by ICICI Bank:

Base64Encode(RSA_Encrypt( { "merchantId" : "111111", "subMerchantId" : "12234", "terminalId" :


"2342342", "merchantTranId" : "612413726581",…,… }))

Encryption needs to be done using RSA 4,096 bits public key provided by ICICI Bank.

While sending the request please add the Headers in CODE which are Highlighted:

accept:*/*, accept-encoding:*, accept-language:en-US,en;q=0.8,hi;q=0.6, cache-control:no-cache,


connection:keep-alive, content-length:684, content-type:text/plain;charset=UTF-8,
host:apigwuat.icicibank.com:8443, origin:chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop,
postman-token:bfd89d8e-fd90-b9b7-b9da-17469eb99976, user-agent:Mozilla/5.0 (Windows NT 6.3;
WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36.

Below steps are to be followed:


1) Use Public certificate of ICICI Bank to encrypt payload using Algorithm
RSA/ECB/PKCS1Padding Called Encrypted Payload
2) Base64 encode the Encrypted payload to get EncodedEncryptedPayload
3) The final string generated is the Request to API Gateway
4) Use content-type as Plaint/text in the body and call the API
Sample Payload:

X30i3+Y5kWiuQQ6/d+pW6oJaMidDpaXLznH03XUm6xRlUeAhKTghFb2SeXHzyNCkoi2+Ci8ms2OU
ljUhsJTyLWo+N6INqMNpki3ieQWBAxo+8s/xc9t/SSp3eLUIPgcEnwHJ93tDnvzD8KjRtWqo3mBg
ja84TnQvISM918WcUvZQi/NLbGjxlemBm2bHJYSfJwVtTMbJubvlZmAhrW14YpfY6B8ZzUBujZhf
qldMLL+B+zyKd9tlTztVCeVINQvDPhsNnU9OBNN+sHIESZzzi+B7PgYn7n/Mzpo594npZbZ9sDwS
XdwMlK1KY3rJXfzoq+RZL+dcl1ftfZjlqCHFfHposHzB3C3Smjm9EnzZEB0DfnxnT5CHvWM8l90I
1CKew9ZjKrbHAQ6y1eKDKad9935TlSh/WTirdtDHcpJW+HC8NYzd5lwzuVyWr24JD+riS7DcnKv7
YDH4xxnHaWXx/g8tgsxWK4H2m+VdvivVKWzAaX4GeNZd76uxGGUvKwxgqiyLasFqtYzYjOIm8fRq
jGpDdQ9CkrdmvyOOdOV+qFbXaMxCLyBAlrarFGO4QWoO5oJvmWY6zOXa/A2Apx+IX7CG51VuiwQZ
ssVEAGVzHQYn1n69nf2Jj/LLJXbg9gFg9naHTwf2m9jBorUhoo007Cm87v5oytwzGJIX13VOIAY=
1. API Name: Collect Pay
Description: Collect Pay API will be used to raise collect request to the VPA present in the Payer
VA parameter in the request packet.

As an optional feature, Validation of the Debit Account can be done using Validate Payer Acc
Flag, Payer Account and Payer IFSC parameter.

UAT Endpoint:
https://apibankingonesandbox.icicibank.com/api/MerchantAPI/UPI/v0/CollectPay3/{merchantId}

Live Endpoint:
https://apibankingone.icicibank.com/api/MerchantAPI/UPI/v0/CollectPay3/{merchantId}

Input Parameters:

Mandatory
Name Type Description (Y-Yes / O- Length
Optional)
merchantId Number Merchant Identification Y 10
Number
subMerchantId Number Sub Merchant Identification Y 10
Number of Merchant. If
there is no subMerchantId
required, merchant should
pass the same value as
‘merchantId’
terminalId Number Needs to send Merchant Y 4
category code (MCC code).
[Default MCC-5411]
merchantName String Name of the Merchant Y 50
subMerchantName String Sub Merchant Name of the Y 50
Merchant
payerVa AlphaNumeric Virtual Payment address of Y 255
the Payer
Amount Number Amount to be debited (In Y 20
Rupees) in Integer value
with 2 decimal
E.g. : ‘200.00’ or ‘300.12’
Note AlphaNumeric Remarks entered by the Y 50
payer for his reference.
collectByDate DATE TIME Format : dd/mm/yyyy Y
HH:MM AM/PM
merchantTranId AlphaNumeric This will be a Transaction ID Y 35
generated by the API and
should always be unique
billNumber AlphaNumeric Bill Number / Order Number Y 50
validatePayerAccFl String ‘Y’ for validating debit a/c O 1
ag details or ‘N’ for non-
validation
payerAccount Number When ‘validatePayerAcc’ O
Flag is ‘Y’ then it is
mandatory. Payer Account
number is required to be
entered.
payerIFSC AlphaNumeric When ‘validatePayerAcc’ O
Flag is ‘Y’ then it is
mandatory. Payer IFSC code
is required to be entered.

Sample Packet:

{
"payerVa": "testo@icici",
"amount": "5.00",
"note": "collect-pay-request",
"collectByDate": "08/11/2019 06:30 PM",
"merchantId": "118449",
"merchantName": "Testmerchant",
"subMerchantId": "118449",
"subMerchantName": "Test",
"terminalId": "5411",
"merchantTranId": "p0nillp0k9lqlp091p17",
"billNumber": "sdf1po111b",
"validatePayerAccFlag": "Y",
"payerAccount": "0405012740",
"payerIFSC": "ICI00012345",
}

Output Parameters:

Name Type Description


response Number Response Code
merchantId Number Merchant Identification Number
subMerchantId Number Sub Merchant Identification Number of
Merchant
terminalId Number Merchant category code
success String Result of the API Call
message String Response code Description
merchantTranId AlphaNumeric This will be a Unique Transaction ID
generated by the Merchant.
BankRRN Number Reference Number generated by Bank
Response Packet:

{
"response":"92",
"merchantId":"118449",
"subMerchantId":"118449",
"terminalId":"5411",
"success":"true",
"message":"Transaction Initiated",
"merchantTranId":" p0nillp0k9lqlp091p17",
"BankRRN":"931013011368"
}
2. API Name: Callback
Description: Final transaction response posted by ICICI Bank to Merchant’s callback URL.

Parameters:

Name Type Description Length


merchantId Number Merchant Identification Number 10
subMerchantId Number Sub Merchant Identification Number of 10
Merchant
terminalId Number Merchant category code (MCC code). 10
[Default MCC-5411]
BankRRN Number Bank reference Number for this transaction 20
merchantTranId AlphaNumeric Transaction Id as sent in the request packet 35
PayerName AlphaNumeric Name of the Payer 50
PayerMobile Number Mobile Number of the Payer 10
PayerVA AlphaNumeric Virtual Payment Address of the Payer 255
PayerAmount Numeric Amount of the Transaction 20
TxnStatus AlphaNumeric Status of the Transaction 20
TxnInitDate Date and Time Date and time on which the transaction 20
was initiated
TxnCompletionDate Date and Time Date and time on which the transaction 20
was completed

Sample Callback: Callback response after decryption.

{
"merchantId" : "106161",
"subMerchantId" : "12234",
"terminalId" : "5411",
"BankRRN" : "615519221396",
"merchantTranId" : "612411454593",
"PayerName" : "hhjjj",
"PayerMobile" : "8879770059",
"PayerVA" : "testing1@imobile",
"PayerAmount" : "12",
"TxnStatus" : "SUCCESS",
"TxnInitDate" : "20160715142352",
"TxnCompletionDate" : "20160715142352"
}
3. API Name: Transaction Status

Description: This API will be used by Merchant to get the status of the transaction based on
‘merchantTranID’ input parameter. This API will fetch the updated status from NPCI.

UAT Endpoint:
https://apibankingonesandbox.icicibank.com/api/MerchantAPI/UPI/v0/TransactionStatus3/{merchantId}

Live Endpoint:
https://apibankingone.icicibank.com/api/MerchantAPI/UPI/v0/TransactionStatus3/{merchantId}

Input Parameters:

Mandatory Length
Name Type Description
(Y/N)
merchantId Number Merchant Identification Y 10
Number
subMerchantId Number Sub Merchant Identification Y 10
Number of Merchant
terminalId Number Needs to send Merchant Y 4
category code (MCC code).
[Default MCC-5411]
merchantTranId AlphaNumeric This will be a Transaction ID Y 35
generated at the time of
original request

Sample Packet

{
"merchantId": "118449",
"subMerchantId": "118449",
"terminalId": "5411",
"merchantTranId": "p0nillp0k9lqlp091p17"
}

Output Parameters:

Name Type Description


Response Number Response Code
X` Number Merchant Identification Number
subMerchantId Number Sub Merchant Identification Number of
Merchant
terminalId Number MCC
Success String Result of the API Call
Message String Response Code Description
merchantTranId AlphaNumeric This will be a Unique Transaction ID
generated by the Merchant.
OriginalBankRRN Number Reference Number generated by Bank
Amount Number Amount
Status AlphaNumeric Status of the transaction

Sample Response:

{
"response" : "0",
"merchantId" : "106161",
"subMerchantId" : "12234",
"terminalId" : "5411",
"OriginalBankRRN" : "615519221396",
"merchantTranId" : "612411454593",
"amount" : "12",
"success" : "true",
"message" : "Transaction Successful",
"status" : "SUCCESS"
}

Current response:
PENDING, SUCCESS, FAILURE
4. API Name: Callback Status
Description: This API will be used by Merchant to get the status of the transaction by passing
correct transaction type. This API will fetch the status of the transaction based on RRN or
merchant transaction ID or ref-id from ICICI Switch.

UAT Endpoint:
https://apibankingonesandbox.icicibank.com/api/MerchantAPI/UPI/v0/CallbackStatus2/{merchantId}

Live Endpoint:
https://apibankingone.icicibank.com/api/MerchantAPI/UPI/v0/CallbackStatus2/{merchantId}

Input Parameters:

Mandatory
Name Type Description Length
(Y/C)
merchantId Number Merchant Identification Y 10
Number
subMerchantId Number Sub Merchant Identification Y 10
Number of Merchant
terminalId Number Needs to send Merchant Y 4
category code (MCC code).
[Default MCC-5411]
transactionType Alphabet Flag to identify type of Y 1
original transaction as C, R, Q
or P as per below mentioned
*table
merchantTranId AlphaNumeric This will be a Transaction ID C 35
generated at the time of
original request.
transactionDate Date Date of the Transaction C 20
BankRRN Number Bank Reference Number of C 15
the original transaction
refID AlphaNumeric Reference Number passed in C
QR/Intent Call

*Transaction Scenario MerchantT BankRRN RefId Transaction Date


Type Flag ranId
C Collect Pay Mandatory Non- N/A N/A
Transaction Mandatory
R Refund Mandatory Non- N/A N/A
Transactions Mandatory
Q ICICI generated Mandatory Non- Non- N/A
ref-Id (EZY or Mandatory Mandatory
EZP)
P Merchant Any 1 out Any 1 out of Any 1 out of Mandatory when
generated ref- of 3 3 3 search based on
Id or Push Ref Id
Sample Packet:

{
"merchantId": "118449",
"subMerchantId": "118449",
"terminalId": "5411",
"transactionType": "C",
"merchantTranId": "p0nillp0k9lqlp091p17"
}

Output Parameters:

Name Type Description


Response Number Response Code
merchantId Number Merchant Identification Number
subMerchantId Number Sub Merchant Identification Number of
Merchant
terminalId Number MCC
success String Result of the API Call
message String Response Code Description
merchantTranId AlphaNumeric This will be a Unique Transaction ID
generated by the Merchant.
OriginalBankRRN Number Reference Number generated by Bank
PayerVA AlphaNumeric Virtual Payment Address of the Payer
Amount Number Amount
status AlphaNumeric Status of the transaction
TxnInitDate Date and Time Date and time on which the transaction
was initiated
TxnCompletionDate Date and Time Date and time on which the transaction
was completed

Sample Response:

{
"response" : "0",
"merchantId" : "106161",
"subMerchantId" : "12234",
"terminalId" : "5411",
"OriginalBankRRN" : "615519221396",
"merchantTranId" : "612411454593",
"Amount" : "12",
"payerVA" : " testing1@imobile ",
"success" : "true",
"message" : "Transaction Successful",
"status" : "SUCCESS",
"TxnInitDate" : "20160715142352",
"TxnCompletionDate" : "20160715142352"
}
5. API Name: Refund API
Description: This API needs to be used by Merchants to initiate refunds of the transactions. Both
offline and online refunds are supported in the same API.

UAT Endpoint:
https://apibankingonesandbox.icicibank.com/api/MerchantAPI/UPI/v0/Refund/{merchantId}

Live Endpoint:
https://apibankingone.icicibank.com/api/MerchantAPI/UPI/v0/Refund/{merchantId}

Input Parameters:

Mandatory Length
Name Type Description
(Y/N)
merchantId Number Merchant Identification Y 10
Number
subMerchantId Number Sub Merchant Identification Y 10
Number of Merchant
terminalId Number Needs to send Merchant Y 4
category code (MCC code).
[Default MCC-5411]
originalBankRRN String Original Transaction Id Y 15
merchantTranId String Refund Transaction Id Y 35
originalmerchantTr AlphaNumeric Merchant TranID of Refund Y 35
anId transaction.
refundAmount Number Amount to be debited.(In Y 20
Rupees, Integer value with 2
decimal)E.g. : 200.00 / 300.12
payeeVA AlphaNumeric Alias name with which the N 255
payee can be identified by his
registered entity.
Note AlphaNumeric Remarks entered by the payer Y 50
for his reference.
onlineRefund String Refund request mode – Online Y 1
or Offline refund – ‘Y’ for
online refund and ‘N’ for
Offline refund

Sample Packet:

{
"merchantId": “106092”,
"subMerchantId": “12234”,
"terminalId": “2342342”,
"originalBankRRN": "622415338172",
"merchantTranId": "88442047",
"originalmerchantTranId": "202020202021",
"payeeVA": "yatin@imobile",
"refundAmount": "10.00",
"note": "refund-request",
"onlineRefund": "Y"
}

Output Parameters:

Name Type Description


Response Number Response Code
merchantId Number Merchant Identification Number
subMerchantId Number Sub Merchant Identification Number of
Merchant
terminalId Number MCC
success String Result of the API Call
message String Response Code Description
merchantTranId AlphaNumeric This will be a Unique Transaction ID
generated by the Merchant.
OriginalBankRRN Number Reference Number generated by Bank. For
Online refund, new RRN will be generated.
For Offline, Original RRN will be returned
status AlphaNumeric Status of the transaction

Sample Response
{
"merchantId": “106092”,
"subMerchantId": “12234”,
"terminalId": “2342342”,
"success": "true",
"response": “0”,
"status": "SUCCESS",
"message": "Transaction Successful",
"originalBankRRN": "622415338172",
"merchantTranId": "88442055"
}
6. Error Codes

Code Description Reasons


500 Internal Server Error Internal Server Error
401 Unauthorized APIkey,IP whitelisting or SSL not
present
403 Forbidden Request not proper.
429 Too Many Requests Too Many Requests
8002 INVALID_JSON. INVALID_JSON.
8003 INVALID_FIELD FORMAT OR Field is not in the format mentioned
LENGTH
8004 MISSING_REQUIRED_FIELD Mandatory field is missing
INVALID_FIELD_LENGTH Length of field exceeds defined
8006 length
8007 Invalid JSON, OPEN CURLY BRACE Open Brace missing in JSON
MISSING
8008 Invalid JSON,END CURLY BRACE Closing Brace missing in JSON
MISSING
8009 Internal Server Error White space characters
8010 INTERNAL_SERVICE_FAILURE The system had an internal
exception
8011 BACKEND_HOST_NOT_FOUND The Server referenced in the URL
cannot be reached.
8012 BACKEND_CONNECTION_TIMEOUT Cannot connect to service
8013 BACKEND_READ_TIMEOUT Cannot read from service
8014 BACKEND_BAD_URL The URL is incorrect.
8017 INVALID JSON Improper JSON
8016 Decryption Fail Request not properly Encrypted
5000 Invalid Request if the request is failed with some
other reasons
5001 Invalid Merchant ID If the merchant Id is not valid
5002 Duplicate Merchant TranId Transaction is already initiated with
merchant transaction id
5003 Merchant Transaction Id is If merchant transaction id null
mandatory
5004 Invalid Data invalid packet
5005 Collect By date should be greater If given collect by date is less than
than or equal to Current date current date
5006 Merchant TranId is not available No transaction initiated with given
transaction id based on merchant id
5007 Virtual address not present If merchant entered invalid
customer VPA
5008 PSP is not registered If merchant entered wrong PSP
handler
5009 Service unavailable. Please try later. Default error response for
unexpected internal failures.
5010 Technical Error If any technical error.
5011 Duplicate merchant TranId Transaction is already initiated with
merchant transaction id
5012 Request has already been initiated If request is initiated already for this
for this transaction transaction.
5013 Invalid VPA If VPA does not exits
5014 Insufficient amount If Original amount is less than
refund amount
5015 Invalid Original TranId If original transaction Id is not
available
5016 Payee VA should not be Merchant Should not be Merchant Virtual
VA Address
5017 Sorry you can't initiate refund Merchant can initiate online refund
request only if online refund flag is enabled
5018 Merchant VPA and Reference ID is
not match
5019 Invalid Terminal Id
5020 No response from Beneficiary Bank. For Deemed approved transactions
Please wait for recon before or timed out requests
initiating the transaction again.
5021 Transaction Timed out. Please check OSB Timed out for collect request
transaction status before initiating
again.
5022 Terminal Id is mandatory
5023 Multiple transactions against given
parameter. Please provide bank RRN
5024 Record not found against given
parameters
5025 Please enter valid refund amount
5026 Invalid Consumer number
5027 Invalid merchant prefix
5028 Virtual Address Already Exists
5029 No Response From Switch
5030 Please try again In case Check VPA return actCode
950 from Switch
5031 Validity start date should not be less If Validity start date is less than
than current date current date
5032 Validity end date should not be less If Validity end date is less than
than validity start date validity start date
5033 Mandate request not created Without initiating the manage
mandate
5034 No Approved Mandates are available If manage mandate request are not
in SUCCESS state
5035 Mandate expired If mandate validity period is
completed
5036 Mandate amounts mis-matched If manage mandate is EXACT and
different amount given in execute
mandate
5037 Execution amount exceeded to If manage mandate is MAX and
Mandate approved amount execution amount crossed in
execute mandate
5038 Invalid Validate Payer Account Flag If validate payer account flag is
other than Y and N
5039 Invalid Payer Account If Payer Account is null, empty or
invalid pattern
5040 Invalid Payer IFSC If Payer IFSC is null, empty or invalid
pattern
5041 Invalid Sequence Number
5042 Duplicate Sequence Number
5043 Invalid Unique Merchant ReferenceId
5044 Invalid Merchant Name
5045 Invalid Marketing Name
5046 Invalid Bank Assigned MerchantId
5047 OSB Timeout
5048 New Unique Merchant ReferenceId
5049 Failed at switch. Please try
registering again.
5050 Details of Bank Assigned MerchantId
not found
5051 Duplicate Unique Merchant
ReferenceId
Security:

 API Key needs to be passed in every request in the header and merchant IP
will also be required for IP whitelisting.
 API Key needs to be passed in the parameter name: apikey
 API request and response to Merchant is secured using advanced and
agreed upon encryption algorithm agreed to maintain data confidentiality
and integrity.
 API Gateway uses the standard authenticating and authorizing process for
the incoming request from merchant and for maintaining the integrity and
confidentiality we apply state of art Encryption/ Decryption algorithm.
Encryption & Decryption Process:
For Encryption of a payload at Client’s end.

encryptedKey = Base64Encode(RSA/ECB/PKCS1Encryption(SesionKey,ICICIPubKey.cer))
Session key is nothing but randomly one time generated string of length 16 (OR 32).
encryptedData = Base64Encode(AES/CBC/PKCS5Padding(Response,SessionKey))

1. Generate 16-digit random number (session key). Say RANDOMNO.


2. Encrypt RANDOMNO using RSA/ECB/PKCS1Padding and encode using Base64. Say
ENCR_KEY.
3. Perform AES/CBC/PKCS5Padding encryption on request payload using RANDOMNO as
key and iv- initialization vector. Say ENCR_DATA.
4. Now client may choose to send IV in request from one of below two options.
a. Send Base64 Encoded IV in “iv” tag. (Recommended Approach)
b. Send IV as a part of ENCR_DATA itself.
bytes[] iv = IV;
bytes[] cipherText = symmetrically encrypted Bytes (step3)
bytes[] concatB = iv + cipherText;
ENCR_DATA = B64Encode(concatB);
5. Now in the complete request, Client needs to send encrypted request in below format.
{
"requestId": "<request-id for tracking purpose>",
"service": "AccountCreation",
"encryptedKey": "<ENCR_KEY>",
"oaepHashingAlgorithm": "NONE",
"iv": "<IV>",
"encryptedData": "<ENCR_DATA>",
"clientInfo": "",
"optionalParam": ""
}
For Decryption of a response at Client’s end.

IV= getFirst16Bytes(Base64Decode(encryptedData)
SessionKey =
Base64Decode(RSA/ECB/PKCS1Decryption(encryptedKey,ClientPrivateKey.p12,)) Session
key is nothing but randomly generated string of length 16 (OR 32) .
Response = Base64Decode (AES/CBC/PKCS5Padding Decryption(encryptedData,SessionKey,
IV))

1. Get the IV- Base64 decode the encryptedData and get first 16 bytes and rest
is encryptedResponse.
bytes[] IV= getFirst16Bytes(Base64Decode(encryptedData)

2. Decrypt encryptedKey using algo (RSA/ECB/PKCS1Padding) and Client’s private key.


sessionKey =
B64Decode(RSA/ECB/PKCS1Decryption(encryptedKey,ClientPrivateKey.p12,))

3. Decrypt the response using algo AES/CBC/PKCS5Padding.


Response = Base64Decode
(AES/CBC/PKCS5Padding
Decryption(encryptedData,SessionKey, IV))

4. You need to skip first 16 bytes of response, as it contains IV.

You might also like