We have a Crypto API which calls third party to validate password. What will be the best way to Virtualize this API?
1) Does Request-Response pair approach will work? The problem here is looking logs to identify crypto request is complex. Where it starts and ends is difficult to identify.
2) Live Recording - Is this approach best? And if yes, Do we require any Data Protocol to add while recording? Do we need to have specific Crypto keys to make a call to Crypto server.
Please assist what steps needs to be followed for virtualized a Crypto API.
Without understanding how either the API or the third-party service work, this is a difficult question to answer. Assuming that your API receives and encrypted password and is required to validate it, then I would assume that you would need a custom DPH that would be able to decrypt the password and supply plain-text to your service.
If, however, you receive a plain-text password over a TLS (SSL) connection, then it would be sufficient to TLS enable a service, assuming that you are using one of the supported transports (MQ, HTTP etc)
In order to provide a better response, we need to know at least what type of API you have (REST/SOAP etc), what your transport is (HTTP/MQ etc) and what form the payload takes.