insomnia-plugin-mastercard
Advanced tools
A plugin for consuming Mastercard APIs with support for authentication and encryption.
This plugin computes and adds an Authorization header to requests sent from Insomnia REST Client
and it can be configured to automatically encrypt request and/or decrypt response payloads.
Insomnia v5.15.0+
Before using this library, you will need to set up a project in the Mastercard Developers Portal.
As part of this set up, you'll receive credentials for your app:
To import two ready to be used "sandbox" and "production" environments:
No encryption:
Mastercard Encryption:
JWE Encryption:
Alternatively, you can:
Update your environment:
Linux/macOS
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "/path/to/sandbox-signing-key.p12",
"keystorePassword": "keystorepassword",
"appliesTo": [
"mastercard.com",
"api.ethocaweb.com"
]
}
}
Windows
{
"mastercard": {
"consumerKey": "000000000000000000000000000000000000000000000000!000000000000000000000000000000000000000000000000",
"keyAlias": "keyalias",
"keystoreP12Path": "C:\\path\\to\\sandbox-signing-key.p12",
"keystorePassword": "keystorepassword",
"appliesTo": [
"mastercard.com",
"api.ethocaweb.com"
]
}
}
From now on, an Authorization header will be automatically added to every request sent to Mastercard:
This plugin can take care of encrypting requests and/or decrypting response payloads. To enable encryption support,
you need to configure in the environment the encryptionConfig property.
Here's a quick example for Mastercard Encryption:
{
"mastercard": {
// ... //
"encryptionConfig": {
"paths": [
{
"path": "/tokenize",
"toEncrypt": [
{
"element": "cardInfo.encryptedData",
"obj": "cardInfo"
},
{
"element": "fundingAccountInfo.encryptedPayload.encryptedData",
"obj": "fundingAccountInfo.encryptedPayload"
}
],
"toDecrypt": [
{
"element": "tokenDetail",
"obj": "tokenDetail.encryptedData"
}
]
}
],
"oaepPaddingDigestAlgorithm": "SHA-512",
"ivFieldName": "iv",
"encryptedKeyFieldName": "encryptedKey",
"encryptedValueFieldName": "encryptedData",
"oaepHashingAlgorithmFieldName": "oaepHashingAlgorithm",
"publicKeyFingerprintFieldName": "publicKeyFingerprint",
"publicKeyFingerprintType": "certificate",
"dataEncoding": "hex",
"encryptionCertificate": "/path/to/the/encryption/certificate",
"privateKey": "/path/to/private/key"
}
}
}
As an alternative to providing the privateKey in the encryptionConfig, you can configure the keystore along with alias and password as shown below:
{
"mastercard": {
"encryptionConfig": {
// ... //
"encryptionCertificate": "/path/to/the/encryption/certificate",
"keyStore": "/path/to/the/keystore",
"keyStoreAlias": "keystorealias",
"keyStorePassword": "keystorepassword",
}
}
}
Both Mastercard encryption and JWE encryption are supported.
For more details on the encryption configurations, checkout these links:
FAQs
An Insomnia plugin for consuming Mastercard APIs
We found that insomnia-plugin-mastercard demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Rustâs crates.io team is advancing an RFC to add a Security tab that surfaces RustSec vulnerability and unsoundness advisories directly on crate pages.
Security News
/Research
Socket found a Rust typosquat (finch-rust) that loads sha-rust to steal credentials, using impersonation and an unpinned dependency to auto-deliver updates.
Research
/Security Fundamentals
A pair of typosquatted Go packages posing as Googleâs UUID library quietly turn helper functions into encrypted exfiltration channels to a paste site, putting developer and CI data at risk.