Encrypting payloads
Info
For all asset-related requests such as wallet creation and token transfer, parameters must be encrypted with the secretKey specified for each service and passed as the value of the payload field. This is to protect the data and ensure the origin of the request. The aes-256-cbc algorithm is used for encryption.
Every payload must include timestamp and nonce fields.
Example
import { v4 as uuidv4 } from 'uuid';
const encrypt = (plaintext: string, key: string): string => {
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv('aes-256-cbc', Buffer.from(key, 'hex'), iv);
const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
const base64Encoded = Buffer.concat([iv, ciphertext]).toString('base64');
return encodeURIComponent(base64Encoded);
};
const payload = {
uid: 'user...',
contractAddress: '0x...',
timestamp: Math.floor(Date.now() / 1000),
nonce: uuidv4(),
}
const encryptedPayload = encrypt(JSON.stringify(payload), secretKey);