A production-ready payment API that solves the critical problem of payment fingerprint harvesting while maintaining publicly shareable booking links. Built with Deno, TypeScript, and enterprise-grade security controls.
- Token-Based Booking Access: 256-bit secure tokens replace direct booking ID access
- Dual Authentication: API key + nonce requirement for payment operations
- Single-Use Nonces: IP-bound, 15-minute expiry with automatic invalidation
- Environment Protection: Server requires critical secrets to start
- Comprehensive Rate Limiting: Per-endpoint throttling prevents abuse
# Required environment variables export PAYMENT_USERNAME=your_payment_gateway_username export PAYMENT_PASSWORD=your_payment_gateway_password export MERCHANT_CODE=your_merchant_code export API_KEY=your_secure_api_key
deno run --allow-net --allow-read --allow-env --allow-import --allow-write --allow-ffi main.ts
Server starts on http://localhost:5000 with:
- 🌐 12 endpoints (5 public, 7 authenticated)
- 📋 Interactive API documentation at
/api/docs - 🛡️ Multi-layered security with comprehensive logging
📖 Complete Documentation - Detailed architecture, security flows, and API reference
- Problem & Solution: Why this architecture prevents fingerprint harvesting
- Security Model: Multi-layered protection mechanisms
- API Reference: Complete endpoint documentation with examples
- Frontend Integration: Required client-side functions and flow examples
- File Structure: Purpose of each component in the system
// Generate secure booking token (Admin)
POST /api/generate-booking-token
Authorization: Bearer {api_key}
// Access booking with token (Public)
GET /booking/{token}
// 1. Generate nonce
POST /api/create-payment-nonce
Body: { bookingId: "booking_123" }
// 2. Create payment fingerprint (Dual Auth Required)
POST /api/create-payment-hash
Authorization: Bearer {api_key}
X-Payment-Nonce: {nonce}
// 3. Refresh session after failures
POST /api/v1/payment/refresh
Body: { bookingId: "booking_123" }
✅ Token-based booking access prevents ID enumeration
✅ Dual authentication (API key + nonce) for payment operations
✅ Environment secret validation prevents unauthorized deployment
✅ Rate limiting (5-20 req/min per endpoint) blocks abuse
✅ Single-use nonces with IP binding and 15-minute expiry
✅ Dynamic schema validation from OpenAPI specifications
✅ Comprehensive audit logging with structured security events
┌─────────────────┐ ┌──────────────────┐ ┌─────────────────┐
│ Public User │ │ Admin/Client │ │ Payment Gateway │
└─────────┬───────┘ └─────────┬────────┘ └─────────┬───────┘
│ │ │
│ GET /booking/{token} │ │
├─────────────────────►│ │
│ │ Dual Auth Required │
│ ├──────────────────────►│
│ │ Payment Fingerprint │
│ │◄──────────────────────┤
│ Secure Payment Form │ │
│◄─────────────────────┤ │
│ │ │
- Prevents mass fingerprint harvesting through dual authentication
- Blocks booking enumeration attacks with secure tokens
- Eliminates replay attacks using single-use nonces
- Provides comprehensive audit trails for compliance
- Maintains shareable booking links without compromising security
- Reduces payment failures from fingerprint abuse
- Enables public access while protecting sensitive operations
- Supports compliance with industry security standards
src/
├── gateway/apiGateway.ts # Centralized routing & security control
├── handlers/ # Endpoint handlers (booking, payment, etc.)
├── middleware/ # Security middleware (CORS, rate limiting)
├── services/ # Core business logic (auth, nonce, payment)
└── utils/ # Utilities (logging, validation, OpenAPI)
All endpoints tested and verified:
- Booking token generation and access
- Payment nonce and fingerprint creation
- Security controls and rate limiting
- Error handling and validation
- Environment variables configured
- CORS origins set for production domains
- SSL/TLS certificates installed
- Monitoring and alerting configured
- Database backup strategy implemented
- Security event logging enabled
Built with Enterprise Security • Production Ready • Fully Documented