Valify offers an API to retrieve transaction images, any time after the service has been called. This API receives a reference to the Transaction ID of the transaction being inquired, and returned its relevant images.
The Fetch Images API is a very sensitive API, as it allows access to images for all your transactions. Therefore, to secure your data, it is a requirement that the Fetch Images response is encrypted in transit, and decrypted on the recipient's side.
To gain access to this API, you need to contact Valify to avail this service. You also need to generate an RSA 4096 key pair. The private key is stored on the recipient side, and the public key is provided to Valify to be stored. This way, the API response payload can be encrypted for you to decrypt it on your side. Please contact techsupport@valify.me for more information.
The RSA 4096 key pair can be generated using the following commands:
Each time this API is called, a new AES 256 key is generated.
The response data (JSON string) is encrypted with the AES key.
The AES key is then encrypted with the public key provided to Valify.
The encrypted key and encrypted data are encoded into base64 format is sent in the API response.
The response recipient should then decode the base64-encoded key and data, decrypt the AES key using their RSA private key, and use the decrypted AES key to decrypt the transaction data, producing a JSON string.
{ "message": "Bad Request – invalid request received (e.g. missing Bundle key, required parameters or invalid json) | Make sure all the required parameters are included"
}
{"message":"Unauthorized – your Bundle key is invalid"}
{"message":"Forbidden – specified access_token could not be found"}