mangopay4-ruby-sdk 3.46.0 → 3.47.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ebeaec3cb872600bd73956fbf11d134bc90c5d4eb858e4a5873ff1dc020bbe56
-  data.tar.gz: 0df0444dd4be33ca5936d3d911250287cddafc339aa9275c35fbfc264e3d2d21
+  metadata.gz: 8cc10e268ef7f7029a76cd99da66abdcfbe9a76c7cd1b938992e102758e4396e
+  data.tar.gz: 947581ca00b8c352e07be28d4bf5f21f28211a15f6c69afc6595aa669f201249
 SHA512:
-  metadata.gz: 474b4ec9b214ea50d75aec50506818aba748f9b2c279919ba8849d4749b716151411a8a5a0e6240d16744b70ea8341342188c89e6db471269a83c8a93c7e4757
-  data.tar.gz: b9e6f1e6636a116c2f670849a61839964d11a2298304c0ad0be7584a4024a9415f42f5861bf630effca9a964084f8baa0f7a9f49e3848f1c35f1df21663ea6c3
+  metadata.gz: 7deab526bea4f06430b8b0ce51ee9d7208a7c6e103abb0cced837e4463bf634f5a686215e8ca3a547d57a685b0a7b61912efcb9fb46455c592a96555d6b5a2de
+  data.tar.gz: 1dd444f37f32c14ea3f74d9fa12e40a1d1957eee20be9bb121c8707e7df13d6d92a7bd3e07e37756abec1addb3f53e9b0320fa84d451e69dcb02abff99533db8

data/CHANGELOG.md

@@ -1,3 +1,7 @@
+## [3.47.0] - 2026-03-19
+### Added - mTLS certificates support
+- mTLS certificates are now configurable in the SDK via file paths or encoded strings
+
 ## [3.46.0] - 2026-02-12
 ### FX
 

data/README.md

@@ -19,6 +19,61 @@ or by adding it to your Gemfile ```gem 'mangopay4-ruby-sdk'```
 
 * Call ```MangoPay.configure``` in your script as shown in the snippet below.
 
+## mTLS configuration
+### Set the base URL for mTLS
+
+Using mTLS authentication requires your integration to call a base URL with a different hostname from the standard API:
+
+* Sandbox: `https://api-mtls.sandbox.mangopay.com`
+* Production: `https://api-mtls.mangopay.com`
+
+If using mTLS, your integration should use the `api-mtls` URLs for all API calls, including OAuth token generation.
+
+**Caution:** Ensure you set the mTLS base URL, as shown in the configuration examples below. If you don’t, the mTLS certificate will not be transferred to Mangopay. When mTLS is enforced, your integration will result in an error.
+
+### Configure the SDK’s mTLS properties
+
+The Ruby SDK’s mTLS properties accept one of:
+
+* **Base64-encoded string** – To load the certificate content from environment variables
+* **File path** – To point to the locally stored file, for example during testing
+
+  | Property              | Type              | Description                                                                              |
+  | --------------------- | ----------------- |------------------------------------------------------------------------------------------|
+  | `mtls_cert`           | string            | Base64-encoded string of the certificate content or path to the certificate `.pem` file. |
+  | `mtls_private_key`    | string            | Base64-encoded string of the private key content or path to the private `.key` file.     |
+  | `mtls_key_passphrase` | string (optional) | String passphrase if the private key is encrypted.                                       |
+
+#### Base64-encoded strings
+
+  ```ruby  theme={null}
+  MangoPay.configure do |c|
+    c.client_id    = 'your-mangopay-client-id'
+    c.client_apiKey = 'your-mangopay-api-key'
+    c.root_url = 'https://api-mtls.sandbox.mangopay.com' # mTLS base URL
+    c.preproduction = true
+
+    c.mtls_cert           = ENV['CERTIFICATE_PEM_B64']  # Base64-encoded string
+    c.mtls_key            = ENV['PRIVATE_KEY_B64']   # Base64-encoded string
+    c.mtls_key_passphrase = ENV['YOUR_CERT_PASSPHRASE'] # optional, if encrypted
+  end
+  ```
+
+#### File paths
+
+  ```ruby  theme={null}
+  MangoPay.configure do |c|
+    c.client_id    = 'your-mangopay-client-id'
+    c.client_apiKey = 'your-mangopay-api-key'
+    c.root_url = 'https://api-mtls.sandbox.mangopay.com' # mTLS base URL
+    c.preproduction = true
+
+    c.mtls_cert           = '/path/to/certificate.pem' # file path
+    c.mtls_key            = '/path/to/private.key' # file path 
+    c.mtls_key_passphrase = 'your-cert-passphrase' # optional, if encrypted
+  end
+  ```
+
 ### Usage
 
 ```ruby

data/lib/mangopay/version.rb

@@ -1,3 +1,3 @@
 module MangoPay
-  VERSION = '3.46.0'
+  VERSION = '3.47.0'
 end

data/lib/mangopay.rb

@@ -1,4 +1,6 @@
 require 'net/http'
+require 'openssl'
+require 'base64'
 require 'cgi/util'
 require 'digest/md5'
 require 'multi_json'
@@ -67,7 +69,8 @@ module MangoPay
                   :temp_dir, :log_file, :log_trace_headers, :http_timeout,
                   :http_max_retries, :http_open_timeout,
                   :logger, :use_ssl, :uk_header_flag,
-                  :after_request_proc
+                  :after_request_proc,
+                  :mtls_cert, :mtls_key, :mtls_key_passphrase
 
     def apply_configuration
       MangoPay.configure do |config|
@@ -83,6 +86,9 @@ module MangoPay
         config.logger = @logger
         config.uk_header_flag = @uk_header_flag
         config.after_request_proc = @after_request_proc
+        config.mtls_cert = @mtls_cert
+        config.mtls_key = @mtls_key
+        config.mtls_key_passphrase = @mtls_key_passphrase
       end
     end
 
@@ -226,9 +232,7 @@ module MangoPay
         headers['x-tenant-id'] = 'uk'
       end
 
-      res = Net::HTTP.start(uri.host, uri.port, :use_ssl => configuration.use_ssl?, :read_timeout => configuration.http_timeout,
-                            :max_retries => configuration.http_max_retries,
-                            :open_timeout => configuration.http_open_timeout, ssl_version: :TLSv1_2) do |http|
+      res = Net::HTTP.start(uri.host, uri.port, **ssl_options) do |http|
         req = Net::HTTP::const_get(method.capitalize).new(uri.request_uri, headers)
         req.body = JSON.dump(params)
         before_request_proc.call(req) if before_request_proc
@@ -296,12 +300,7 @@ module MangoPay
       # Join string parts and ensure binary content is preserved
       body = multipart_body.map { |part| part.is_a?(String) ? part.force_encoding("ASCII-8BIT") : part }.join("\r\n")
 
-      res = Net::HTTP.start(uri.host, uri.port,
-                            use_ssl: configuration.use_ssl?,
-                            read_timeout: configuration.http_timeout,
-                            open_timeout: configuration.http_open_timeout,
-                            max_retries: configuration.http_max_retries,
-                            ssl_version: :TLSv1_2) do |http|
+      res = Net::HTTP.start(uri.host, uri.port, **ssl_options) do |http|
         req_class = Net::HTTP.const_get(method.capitalize)
         req = req_class.new(uri.request_uri, headers)
         req.body = body
@@ -380,6 +379,38 @@ module MangoPay
       end
     end
 
+    def ssl_options
+      opts = {
+        use_ssl:      configuration.use_ssl?,
+        read_timeout: configuration.http_timeout,
+        open_timeout: configuration.http_open_timeout,
+        max_retries:  configuration.http_max_retries,
+      }
+
+      if defined?(OpenSSL::SSL::TLS1_2_VERSION)
+        opts[:min_version] = OpenSSL::SSL::TLS1_2_VERSION
+      else
+        opts[:ssl_version] = :TLSv1_2
+      end
+
+      if configuration.mtls_cert && configuration.mtls_key
+        cert_pem = file_or_pem(configuration.mtls_cert)
+        key_pem  = file_or_pem(configuration.mtls_key)
+        opts[:cert] = OpenSSL::X509::Certificate.new(cert_pem)
+        opts[:key]  = OpenSSL::PKey.read(key_pem, configuration.mtls_key_passphrase)
+      end
+
+      opts
+    end
+
+    def file_or_pem(value)
+      if File.exist?(value)
+        File.read(value)
+      else
+        Base64.decode64(value)
+      end
+    end
+
     def do_request(http, req, uri)
       if logs_required?
         do_request_with_log(http, req, uri)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: mangopay4-ruby-sdk
 version: !ruby/object:Gem::Version
-  version: 3.46.0
+  version: 3.47.0
 platform: ruby
 authors:
 - Geoffroy Lorieux
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-02-12 00:00:00.000000000 Z
+date: 2026-03-23 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: multi_json