CakeMail API Encrypted Calls Overview

For easier integration, please use one of our libraries.

Requirements for Encryption

• Interface ID: Integer
• Interface Key: 32-digit hexadecimal number

CakeMail supplies the ID and Key. The ID allows the API to identify the encryption key used during communication. POST Request to the API POST URL: http://api.cakemail.com
POST parameter “id”: Interface ID
POST parameter “alg”: can be "blowfish" (default and recommended), "serpent", "tripledes" or "twofish"
POST parameter “mode”: can be "ecb" (default), "cbc", "cfb" (recommended)
POST parameter “request”: Encrypted and hexadecimal encoded XML request. If the selected mode requires an IV, this IV should preceed the encrypted XML request in the "request" parameter.

The request must be encrypted using the blowfish algorithm, where the Interface Key is the encryption key. Then it should be encoded in hexadecimal format. (For example, the 2 binary bytes \xDF\xA8 are encoded as DFA8 using 4 ASCII characters).

API Response

The API response is encrypted using the blowfish algorithm, using the Interface Key as the encryption key. Then it is encoded in hexadecimal format.

Decoding and decrypting must be done prior to reading the XML response.

Getting the User Key

Beside User.Login, all API calls require the User Key. This key (not to be confused with the Interface Key) can be obtained using the method “Login” in the class “User” by sending the user’s email and password.