This guide provides detailed instructions on how to configure and utilize the new RestAPI Encrypted Request & Response feature, which allows secure encrypted communication between the client and the server.
This feature ensures that request and response data is encrypted when sent and received via the RestAPI. It uses a custom subdomain to manage encrypted traffic for each user.
How to Use
Custom Subdomain
Each user is assigned a unique subdomain (e.g.,api-{account_guid}).
-The domain structure remains consistent across all data centers.
-Which data center (DC) it will connect to will be determined during the DNS record configuration.
Activating Encryption
Set one of the following values (NONE/AES-CBC) in the api_encrypt_method column of the sys.config_account_sys_params table in the Dengage → sys schema.
Fill in the enc_key and dec_key columns in the conn.db_conn table.
For AES-CBC, only the enc_key is required for now.
The key can either be:
-Generated by the Dengage team and shared with the user.
-Provided by the user, processed by the Dengage team and added to the table.
Supported Methods
RSA
AES-ECB
AES-OFB
AES-CFB
AES-GCM
AES-128
How to Generate or Obtain Keys
Option 1: The user can provide their own key.
Option 2: Dengage team can generate a key, share it with the user, and insert it into the conn.dbconn table.
Key Requirements:
Must be 256-bit.
Example key: 6mHBHYirYhRwG88g6mHBHYirYhRwG88g
Important for CBC: The IV must be the same as the key.
Testing Encrypted Requests
To encrypt the request body for testing, you can use the online tool: https://anycript.com/