{% extends 'bundles/NelmioApiDocBundle/SwaggerUi/base.html.twig' %}

{% block content %}

    <div class="container">

        <div class="shadow rounded p-3 mb-5">
            <h3 class="mb-5 d-flex">
                <span class="flex-grow-1">Encryption API Authentication</span>
                <small>Download Example:
                    <a class="text-decoration-none" href="{{ path('example', {language: 'java'}) }}">Java</a> |
                    <a class="text-decoration-none" href="{{ path('example', {language: 'golang'}) }}">Golang</a> |
                    <a class="text-decoration-none" href="{{ path('example', {language: 'php'}) }}">PHP</a>
                </small>
            </h3>


            <p class="mb-5"> To authenticate for any API call you will have to add all headers below for each
                <br>
                             request and encrypt payload used in POST,PUT requests using shared key provided by
                             Paynetics.</p>

            <ul class="list-group list-group-flush">
                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-api-key</code>
                    <p>API Key given by Paynetics</p>
                </li>
                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-timestamp</code>
                    <p>Current timestamp (example:1610489493)</p>
                </li>
                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-authentication</code>
                    <p>Encrypted (x-timestamp header) using shared key and aes-256-cbc base64 encoded.</p>
                </li>
            </ul>

        </div>

        <div class="shadow rounded p-3 mb-5">
            <h5>Payload encryption</h5>

            <div class="code-box">
                <br>
                <kbd>Algorithm: AES</kbd>
                <kbd>Key Length: 256</kbd>
                <kbd>Mode: CBC</kbd>
                <br>
                <br>
                <code>Body of the request have to be encrypted using aes-256-cbc and the IV have to
                      prepended.</code>
                <br>
                <code>Cipher body have to be send base64 encoded.</code>
                <br>
                <br>
                Example:
                <br>
                <code><kbd>JSON body:</kbd> "{"card_number":"5555555555554444"}"</code>
                <br>
                <code><kbd>IV:</kbd> some random bytes (16)</code>
                <br>
                <code><kbd>Request:</kbd> base64 encoded( IV + Enrypted Json body) m5hbCBwbGVhc3VyZS4= </code>
            </div>
        </div>
    </div>


{% endblock %}