Encryption Support
Flynn Enriched APIs support both plain text headers and encrypted headers for a few sensitive values.
Plain Text Headers Support
If you send headers in plain text, this is the full list of headers that EAS expects. The headers in bold are those that support encryption, if clients choose to use it.
E-invoice module
Header | Description | Example value |
---|---|---|
X-FLYNN-N-USER-TOKEN | theodore JWT authentication token | |
X-FLYNN-N-ORG-ID | theodore org id | |
X-FLYNN-N-IRP-GSTIN | IRP user gstin | 27AAAPI3182M002 |
X-FLYNN-N-IRP-USERNAME | IRP user name | test_27_003 |
X-FLYNN-N-IRP-PWD | IRP user password in plain text | |
X-FLYNN-N-IRP-GSP-CODE | IRP GSP code (currently only vay supported) | vay |
accept | Content type accepted by client | application/json; charset=UTF-8 |
E-way bill module
Header | Description | Example value |
---|---|---|
X-FLYNN-N-USER-TOKEN | theodore JWT authentication token | |
X-FLYNN-N-ORG-ID | theodore org id | |
X-FLYNN-N-EWB-GSTIN | E-way Bill user gstin | 29AAACW4202F1ZM |
X-FLYNN-N-EWB-USERNAME | E-way Bill user name | test_dlr228 |
X-FLYNN-N-EWB-PWD | E-way Bill user password in plain text | |
X-FLYNN-N-EWB-GSP-CODE | E-way Bill GSP code (currently only vay supported) | vay |
accept | Content type accepted by client | application/json; charset=UTF-8 |
Encrypted Headers Support
EAS supports encrypted header values (for the sensitive header values mentioned above) using AES encryption. AES is a symmetric-key cipher: the key used to encrypt a payload is also used to decrypt it. AES supports 128-, 192- and 256-bit keys.
Encryption Modes
Two AES encryption modes are currently supported:
1. Electronic Codebook (ECB)
2. Cipher Block Chaining (CBC)
The default is AES encryption in ECB mode. To use a mode of your choosing, you need to pass certain headers that tell Enriched API Services which AES mode to use. If these headers are absent, ECB mode is assumed.
The headers in bold are the ones that either carry encrypted values or provide encryption-related information to EAS.
Note
The full list of headers is given for the E-invoice module only, as an example. Similar headers apply to the E-way bill module, with header names changed from X-FLYNN-S-IRP-PWD to X-FLYNN-S-EWB-PWD.
Headers with AES Encryption in ECB Mode
Header | Description | Example value |
---|---|---|
X-FLYNN-N-USER-TOKEN | theodore JWT authentication token | |
X-FLYNN-N-ORG-ID | theodore org id | |
X-FLYNN-N-IRP-GSTIN | IRP user gstin | 27AAAPI3182M002 |
X-FLYNN-N-IRP-USERNAME | IRP user name | test_27_003 |
X-FLYNN-S-REK | Request Encryption Key - refer here | |
X-FLYNN-S-IRP-PWD | IRP user password encrypted using AES ECB encryption | |
X-FLYNN-N-AES-ENCRYPTION-MODE | Mode of AES encryption (ECB is the default, so this header is not required) | ECB |
X-FLYNN-N-IRP-GSP-CODE | IRP GSP code (currently only vay supported) | vay |
accept | Content type accepted by client | application/json; charset=UTF-8 |
Headers with AES Encryption in CBC Mode
CBC mode also requires an initialization vector (IV), so for CBC mode the IV spec value is passed in a header named X-FLYNN-S-IV.
The X-FLYNN-S-IV header is the Base64-encoded IV spec, encrypted using the public key of the EAS server.
Header | Description | Example value |
---|---|---|
X-FLYNN-N-USER-TOKEN | theodore JWT authentication token | |
X-FLYNN-N-ORG-ID | theodore org id | |
X-FLYNN-N-IRP-GSTIN | IRP user gstin | 27AAAPI3182M002 |
X-FLYNN-N-IRP-USERNAME | IRP user name | test_27_003 |
X-FLYNN-S-REK | Request Encryption Key - refer here | |
X-FLYNN-S-IRP-PWD | IRP user password encrypted using AES CBC encryption | |
X-FLYNN-N-AES-ENCRYPTION-MODE | Mode of AES encryption (this header must be provided with the value CBC) | CBC |
X-FLYNN-S-IV | Initialization vector (needs to be given only in CBC mode) | |
X-FLYNN-N-IRP-GSP-CODE | IRP GSP code (currently only vay supported) | vay |
accept | Content type accepted by client | application/json; charset=UTF-8 |
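
The following added example, which is not EAS code, builds the encryption-related headers in both modes and shows why CBC with a fresh IV per request is the stronger choice: under ECB, the same password and key always produce the same X-FLYNN-S-IRP-PWD value. The function names are hypothetical, and the example assumes a 256-bit key, PKCS#7 padding, Base64 output and RSA-OAEP for X-FLYNN-S-IV, none of which this page specifies. X-FLYNN-S-REK is left out because its construction is documented elsewhere.

```javascript
// Added example, not EAS code. Assumptions (not stated on this page): AES-256 key,
// PKCS#7 padding, Base64 output, RSA-OAEP for the IV. The EAS docs are authoritative.
const crypto = require('node:crypto');

// Encrypt one sensitive header value; mode is 'ECB' (the EAS default) or 'CBC'.
function encryptHeaderValue(plaintext, key, mode, iv = null) {
  const algo = `aes-${key.length * 8}-${mode.toLowerCase()}`;
  const cipher = crypto.createCipheriv(algo, key, mode === 'CBC' ? iv : null);
  return Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]).toString('base64');
}

// Build the encryption-related headers for the E-invoice module.
// X-FLYNN-S-REK is omitted: its construction is defined elsewhere in the EAS docs.
function buildEncryptedHeaders(password, key, mode, serverPublicKey) {
  const headers = { 'X-FLYNN-N-AES-ENCRYPTION-MODE': mode };
  let iv = null;
  if (mode === 'CBC') {
    iv = crypto.randomBytes(16); // fresh IV per request; the AES block size is 16 bytes
    // X-FLYNN-S-IV: IV encrypted with the server public key, then Base64 encoded.
    headers['X-FLYNN-S-IV'] = crypto.publicEncrypt(serverPublicKey, iv).toString('base64');
  }
  headers['X-FLYNN-S-IRP-PWD'] = encryptHeaderValue(password, key, mode, iv);
  return headers;
}

// Constructed sample inputs: a throwaway RSA key stands in for the EAS public key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const key = crypto.randomBytes(32);
const password = 'constructed-sample-password';

const ecb1 = buildEncryptedHeaders(password, key, 'ECB', publicKey);
const ecb2 = buildEncryptedHeaders(password, key, 'ECB', publicKey);
const cbc1 = buildEncryptedHeaders(password, key, 'CBC', publicKey);
const cbc2 = buildEncryptedHeaders(password, key, 'CBC', publicKey);

// ECB is deterministic: the same password and key give the same header value.
console.log('ECB value repeats:', ecb1['X-FLYNN-S-IRP-PWD'] === ecb2['X-FLYNN-S-IRP-PWD']);
// CBC with a fresh IV gives a different header value on every request.
console.log('CBC value repeats:', cbc1['X-FLYNN-S-IRP-PWD'] === cbc2['X-FLYNN-S-IRP-PWD']);
```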