GOV.UK Pay Public API service in Java (Dropwizard)
Keystore setup for HTTPS outbound calls:
The following variables are needed to import the trusted certificates and public keys into a Java keystore, which is used for secure outbound HTTPS calls.
Importing the certs/keys is handled in docker-startup.sh. This script assumes the infrastructure provides a trusted certificate file (CERT_FILE) and a key (KEY_FILE) in a known directory (CERTS_DIR).
The script then creates a keystore (KEYSTORE_FILE) in a separate directory (KEYSTORE_DIR) and imports the certificate and key into it.
| Variable | Required | Description |
|---|---|---|
| CERTS_DIR | Yes | The directory where the import script can find a trusted certificate and any public key |
| CERT_FILE | Yes | The name of the certificate file to import |
| KEY_FILE | Yes | The key file to import |
| KEYSTORE_DIR | Yes | The directory where the java keystore will be created |
| KEYSTORE_FILE | Yes | The name of the java keystore file |
Rate limiter and Authorization filters setup
These are the variables related to Public API filters.
| Variable | Required | Description |
|---|---|---|
| RATE_LIMITER_VALUE | No (Default 3) | Number of requests (other than POST) allowed per time window defined by RATE_LIMITER_PER_MILLIS |
| RATE_LIMITER_VALUE_POST | No (Default 3) | Number of POST requests allowed per time window defined by RATE_LIMITER_PER_MILLIS |
| RATE_LIMITER_PER_MILLIS | No (Default 1000) | Rate limiter time window |
| TOKEN_API_HMAC_SECRET | Yes | HMAC secret used to validate that the given token is genuine (Api Key = Token + Hmac(Token, Secret)) |
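
One way to check a key built as Api Key = Token + Hmac(Token, Secret), as described for TOKEN_API_HMAC_SECRET above. This is an added example, not code from pay-publicapi: the class name `ApiKeyCheck`, the choice of HMAC-SHA256, the hex encoding and the fixed 64-character tag length are assumptions, because the page does not state the algorithm or encoding.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Optional;

public class ApiKeyCheck {
    // Assumptions (not from the page): HMAC-SHA256, hex-encoded, appended to the token.
    static final String ALGORITHM = "HmacSHA256";
    static final int TAG_LENGTH = 64; // hex characters in a SHA-256 tag

    static String hmacHex(String token, String secret) throws GeneralSecurityException {
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), ALGORITHM));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(token.getBytes(StandardCharsets.UTF_8))) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // Api Key = Token + Hmac(Token, Secret)
    static String issue(String token, String secret) throws GeneralSecurityException {
        return token + hmacHex(token, secret);
    }

    // Returns the token only if the trailing tag matches; reject before any lookup otherwise.
    static Optional<String> extractToken(String apiKey, String secret) throws GeneralSecurityException {
        if (apiKey == null || apiKey.length() <= TAG_LENGTH) {
            return Optional.empty(); // too short to hold a token plus a tag
        }
        int split = apiKey.length() - TAG_LENGTH;
        String token = apiKey.substring(0, split);
        byte[] presented = apiKey.substring(split).getBytes(StandardCharsets.UTF_8);
        byte[] expected = hmacHex(token, secret).getBytes(StandardCharsets.UTF_8);
        // MessageDigest.isEqual compares in constant time, unlike String.equals.
        return MessageDigest.isEqual(expected, presented) ? Optional.of(token) : Optional.empty();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        String secret = "constructed-test-secret"; // stands in for TOKEN_API_HMAC_SECRET
        String apiKey = issue("constructedtoken123", secret); // constructed sample token
        char last = apiKey.charAt(apiKey.length() - 1);
        String tampered = apiKey.substring(0, apiKey.length() - 1) + (last == '0' ? '1' : '0');
        System.out.println("genuine key accepted:  " + extractToken(apiKey, secret).isPresent());
        System.out.println("tampered key accepted: " + extractToken(tampered, secret).isPresent());
        System.out.println("wrong secret accepted: " + extractToken(apiKey, "other-secret").isPresent());
    }
}
```

Because the tag is verified with the server-side secret alone, a forged or mistyped key can be rejected without calling any downstream token store.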

    $ ./redirect.sh start
    $ ./env.sh mvn exec:java
    ...
    (pay-publicapi log output)
    ...
    (press CTRL+C to stop service)
    ...
    $ ./redirect.sh stop

API through gelato.io
gelato.io is a hosted service that dynamically generates beautiful documentation and a sandbox from a Swagger-compliant API. It also provides customized documentation, a markdown editor, an automatic API explorer, code sample generation and custom styling, and allows adding a custom domain.
The API Specification provides more detail on the paths and operations including examples.
| Path | Method | Description |
|---|---|---|
| | POST | creates a payment |
| | GET | returns a payment by ID |
| | POST | cancels a payment |
| | GET | returns all audit events for the payment referred by this ID |
| | GET | returns a list of refunds for the payment |
| | POST | creates a new refund for the payment |
| | GET | returns a refund by ID |
| | POST | creates an agreement |
- https://www.mock-server.com/ is used for mocking dependent services
GOV.UK Pay aims to stay secure for everyone. If you are a security researcher and have discovered a security vulnerability in this code, we appreciate your help in disclosing it to us in a responsible manner. We will give appropriate credit to those reporting confirmed issues. Please e-mail firstname.lastname@example.org with details of any issue you find; we aim to reply quickly.