In this guide, we will explain how you can pass secure and sensitive data in a Formyoula URL using AES encryption. If you have any questions, please email us [email protected].
Sharing a form link publicly with sensitive data and record id's in the URL can lead to security issues. To overcome these issues, Formyoula URL's allow users to pass confidential information using AES encryption. Please use the encrypt method of the Salesforce crypto apex class to encrypt JSON data from Salesforce.https://developer.salesforce.com/docs/atlas.en-us.apexcode.meta/apexcode/apex_classes_restful_crypto.htm#apex_System_Crypto_encryptContact Formyoula support to generate a secure SHA 256 key, that will be used to encrypt and decrypt secure query strings.
Once the key is generated, the SHA 256 key can be found on the account setup page ( https://app.formyoula.com/setup/account ).
The initialization vector must be 128 bits (16 bytes.) and should be first 16 bytes of the SHA 256 key.
Salesforce example to create encrypted data.
//Set Key
Blob key = Blob.valueOf('tx@M_VCmD#yccau9&A?%7%xfjAC?7%s8');
// Get first 16 bytes of SHA 256 key.
Blob iv = Blob.valueOf('tx@M_VCmD#yccau9');
// Data should be a valid JSON
Blob data = Blob.valueOf( '{"f17a-b50e-22ea": "secure value", "f677-a8a9-8872" : "record id"}');
String encrypted_data = EncodingUtil.base64Encode(Crypto.encrypt('AES256', key, iv, data));
JavaScript example using CryptoJS library.
//Create Key
var key = CryptoJS.enc.Utf8.parse('tx@M_VCmD#yccau9&A?%7%xfjAC?7%s8');
//Get Iv
var iv = CryptoJS.enc.Utf8.parse('tx@M_VCmD#yccau9');
//Data to be encrypted
var pw = CryptoJS.enc.Utf8.parse( '{"f17a-b50e-22ea": "secure value", "f677-a8a9-8872" : "record id"} );
//Encrypt
var encrypted = CryptoJS.AES.encrypt(pw, key,{ iv: iv});
//Encrypt string
var encrypted_data = encrypted.toString();
Now the encrypted_data can be passed into the Formyoula form URL using f_d query string value.
Please see below example URL.https://app.formyoula.com/mobile?form_id=5c5d4ef2cb373100143d75bf&f_d=7pojog%2Bi4yWI7aPzmpe6fQHoSi%2FWWlFPC5H4RVd%2Bjs7Pm3%2BjpOoRcUabJpqiIs47iSSWrh%2BsBG0Zntn9B5B0vIvxMK9bj93g6i%2BhWI8P2vQ%3D
For any questions, please contact us - [email protected]