Service Virtualization

 View Only
  • 1.  What should be done to Virtualize Crypto API

    Posted Nov 07, 2017 09:53 AM

    We have a Crypto API which calls third party to validate password. What will be the best way to Virtualize this API?

     

    1) Does Request-Response pair approach will work? The problem here is looking logs to identify crypto request is complex. Where it starts and ends is difficult to identify.

    2) Live Recording - Is this approach best? And if yes, Do we require any Data Protocol to add while recording? Do we need to have specific Crypto keys to make a call to Crypto server.

     

    Please assist what steps needs to be followed for virtualized a Crypto API.



  • 2.  Re: What should be done to Virtualize Crypto API
    Best Answer

    Posted Nov 08, 2017 06:50 AM

    Without understanding how either the API or the third-party service work, this is a difficult question to answer. Assuming that your API receives and encrypted password and is required to validate it, then I would assume that you would need a custom DPH that would be able to decrypt the password and supply plain-text to your service.

     

    If, however, you receive a plain-text password over a TLS (SSL) connection, then it would be sufficient to TLS enable a service, assuming that you are using one of the supported transports (MQ, HTTP etc)

     

    In order to provide a better response, we need to know at least what type of API you have (REST/SOAP etc), what your transport is (HTTP/MQ etc) and what form the payload takes.