- Security: HMAC SHA512 validation for all requests, ISO 8601 timestamp check with a 5-minute tolerance, API key authentication, and mandatory X-Api-Key, X-Signature, X-Timestamp headers.
- Input validation: account_number numeric 10 digits & exists, start/end date in YYYY-MM-DD format with range rules (start ≤ end ≤ today).
- File changes: update `app/Http/Requests/BalanceSummaryRequest.php` (HMAC check, timestamp check, error messages, logging) and `config/webstatement.php` (api_key, secret_key).
- Error handling: consistent with the ResponseCode enum; HTTP status 400/401/404; clear error messages (in Indonesian) + logging.
- Testing: Postman collection updated for negative cases & edge cases; backward compatibility maintained.
- Breaking changes: the endpoint now requires 3 headers (X-Api-Key, X-Signature, X-Timestamp); account number must be 10 numeric digits; strict date format.
- ENV: add `WEBSTATEMENT_API_KEY` and `WEBSTATEMENT_SECRET_KEY` (mapped to `config/webstatement.php`).
22 lines
641 B
PHP
```php
<?php

return [
    'name' => 'Webstatement',

    // ZIP file password configuration
    'zip_password' => env('WEBSTATEMENT_ZIP_PASSWORD', 'statement123'),

    /*
    |--------------------------------------------------------------------------
    | API Configuration
    |--------------------------------------------------------------------------
    |
    | These configuration values are used for API authentication using HMAC
    | signature validation. These keys are used to validate incoming API
    | requests and ensure secure communication.
    |
    */

    'api_key' => env('API_KEY'),
    'secret_key' => env('SECRET_KEY'),
];
```
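The header checks listed in the commit message (API key, ISO 8601 timestamp within 5 minutes, HMAC SHA512 signature), written out as an added example; this is not the project's `BalanceSummaryRequest` code. The function name `verifyRequest`, the string that is signed (timestamp, newline, raw body), the hex encoding of the signature and the mapping of failures to 400/401 are assumptions, since the page does not show them.

```php
<?php
// Added example, not the project's code.
// Assumption: X-Signature = hex(HMAC-SHA512(secret_key, X-Timestamp . "\n" . raw body)).

const TOLERANCE_SECONDS = 300; // the 5-minute tolerance from the commit message

/** Returns an HTTP status code: 200 if the request authenticates, else 400 or 401. */
function verifyRequest(array $headers, string $body, ?string $apiKey, ?string $secretKey, ?int $now = null): int
{
    $now ??= time();
    // All three headers are mandatory.
    foreach (['X-Api-Key', 'X-Signature', 'X-Timestamp'] as $name) {
        if (!isset($headers[$name]) || !is_string($headers[$name]) || $headers[$name] === '') {
            return 400;
        }
    }
    // Fail closed when the config values are unset: env() returns null for a
    // missing variable, and an empty HMAC key would still produce a "valid" MAC.
    if (!$apiKey || !$secretKey) {
        return 401;
    }
    // hash_equals() compares in constant time, for the key and the signature.
    if (!hash_equals($apiKey, $headers['X-Api-Key'])) {
        return 401;
    }
    // Strict ISO 8601 parse (Y-m-d\TH:i:sP); anything else is a malformed request.
    $ts = DateTimeImmutable::createFromFormat(DateTimeInterface::ATOM, $headers['X-Timestamp']);
    if ($ts === false) {
        return 400;
    }
    // Reject timestamps too far in the past or the future (limits replay).
    if (abs($now - $ts->getTimestamp()) > TOLERANCE_SECONDS) {
        return 401;
    }
    $expected = hash_hmac('sha512', $headers['X-Timestamp'] . "\n" . $body, $secretKey);
    return hash_equals($expected, strtolower($headers['X-Signature'])) ? 200 : 401;
}

// Constructed sample values, not real credentials or traffic.
$key    = 'demo-api-key';
$secret = 'demo-secret-key';
$body   = '{"account_number":"1234567890"}';
$ts     = '2024-01-01T00:00:00+00:00';
$now    = strtotime('2024-01-01T00:02:00+00:00');
$good   = ['X-Api-Key' => $key, 'X-Timestamp' => $ts,
           'X-Signature' => hash_hmac('sha512', $ts . "\n" . $body, $secret)];

printf("signed request: %d\n", verifyRequest($good, $body, $key, $secret, $now));
printf("tampered body: %d\n", verifyRequest($good, $body . ' ', $key, $secret, $now));
printf("replayed after 10 minutes: %d\n", verifyRequest($good, $body, $key, $secret, $now + 600));
printf("secret_key not configured: %d\n", verifyRequest($good, $body, $key, null, $now));
```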