Secure Messaging

Technical documentation

Feature Overview

The objective of the Secure Messaging feature is to enable secure, auditable electronic message delivery by enforcing encryption and recipient authentication. This ensures that sensitive messages are accessible only to verified recipients, maintaining data confidentiality, integrity, and compliance with industry security standards. All data is protected both at rest and in transit using modern encryption protocols (TLS 2.0 or higher), and access is controlled via identity verification mechanisms based on email-delivered one-time use passcodes.

Feature Description

The Secure Messaging Service enables secure communication through a process that protects message content and controls recipient access:

Data Protection: All data is encrypted at rest and in transit using TLS 2.0 or higher.
Recipient Verification: When a message is sent, the recipient receives an email with a secure link to access the message.
Access Control: Upon visiting the secure Web page, the recipient must generate and enter a one-time use passcode, sent to their email, to view the message.
User Privacy: In multi-recipient scenarios, each recipient receives an individual notification and is unaware of other recipients.
Audit Logging: Every access attempt and message transaction is recorded in a persistent audit trail within VisualVault.
Configurability:
- Passcode expiration time is adjustable.
- Expired passcodes can be regenerated by the recipient.
- The number of OTP requests per message can be limited.
- Message expiration can be configured, after which no new OTPs can be generated and the message becomes inaccessible.

This service ensures that messages are only accessed by intended recipients, remain secure during transmission and storage, and are fully auditable to support compliance requirements.

Technical Architecture

Data flow abstract

Data flow detailed

Database Schema

API Controllers

Configuration Parameters

Table Name	Field Name	Data Type	Default	Notes
customers	customerDatabaseId	char(36)		unique identifier
	apiUrl	varchar(1024)		VV Instance URL
	apiKey	varchar(255)
	apiSecret	varchar(255)
messages	messageId	char(36)
	subject	longtext
	body	longtext
	messageDate	timestamp	CURRENT_TIMESTAMP
	customerDatabaseId	char(36)
message_recipients	msgRecipientId	char(36)		One record per recipient per message
	recipientId	char(36)
	messageId	char(36)
	recipientEmail	varchar(1024)
	customerDatabaseId	char(36)
message_verification_codes	msgCodeId	char(36)
	messageId	char(36)
	recipientId	char(36)
	messageCode	varchar(255)
	expirationDate	timestamp		configurable minutes
	enabled	boolean	TRUE	After code is accepted set to false
	customerDatabaseId	char(36)
message_templates	templateId	char(36)
	templateType	int		Add constants to code for each msg type
	subject	longtext
	body	longtext
	customerDatabaseId	char(36)
Event_log	eventId	char(36)		Primary Key, unique identifier
	eventDate	timestamp
	eventType	int		Enum: 1 - message 2 - recipient 3 - code 4 - template
	customerDatabaseId	char(36)
	relatedId	char(36)		Related Foreign Key: messageId, msgRecipientId, msgCodeId, templateId
	eventMessage	longtext

Type	Route	Description
POST	/api/email	Creates secure email
POST	/api/code	Request one time code for msgID, msgRecipId
POST	/api/code/{code}/validate	Validates one time code

Below are detailed all the parameters that could be configured in the process:

File	Parameter	Details
public/js/config.js	apiEndpoint	URL of the application <add key="apiEndpoint" value="Site URL" /> Remark If hosted on a server, its hostname must be used without including the port. For example, for the application that is hosted at port 89, the configuration should be: “apiEndpoint”: “https://localhost:89'“
services/serverstrings.js	AUTH_API_KEY	The API Key used in authentication processes, which identifies a specific VisualVault API. <add key="AUTH_API_KEY" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
services/serverstrings.js	AUTH_CUST_ALIAS	The client-specific alias used in authentication processes, which identifies a specific tenant, customer, or user group within VisualVault. <add key="AUTH_CUST_ALIAS" value="Customer Alias" />
services/serverstrings.js	AUTH_DEV_ID	The Dev ID used in authentication processes, which identifes the app requesting access. <add key="AUTH_DEV_ID" value="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" />
services/serverstrings.js	AUTH_DEV_SECRET	A secret key paired with `AUTH_DEV_ID` for securely authenticating the app. <add key="AUTH_DEV_SECRET" value=”DEV_SECRET” />
services/serverstrings.js	AUTH_DB_ALIAS	The alias name for the authentication database. This identifies and connect to the correct database instance where user credentials or tokens are stored. add key="AUTH_DB_ALIAS" value="Database Alias" />
services/serverstrings.js	AUTH_VAULT_URL	The site URL of the database. <add key="AUTH_VAULT_URL" value="site URL" />
services/serverstrings.js	Individual_Template	A placeholder or template identifier. <add key="Individual_Template” value=”” />
services/serverstrings.js	TOKEN_KEY	A key used for identifying or managing authentication tokens (e.g., in Redis or JWT logic). <add key="TOKEN_KEY” value=”xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx” />
services/serverstrings.js	SQL_USER	SQL Server username for connecting to the database. <add key="SQL_USER" value=”user” />
services/serverstrings.js	SQL_PASSWORD	Password for the specified SQL user. <add key="SQL_PASSWORD” value=”pass” />
services/serverstrings.js	SQL_DATABASE	The SQL Database name. Used by dbConnection.js <add key="SQL_DATABASE" value=”DATABASE” />
services/serverstrings.js	SQL_DATABASE_MAIN	Name of the default SQL database. Used by models (some queries go to Main). <add key="SQL_DATABASE_MAIN” value=”DATABASE_MAIN” />
services/serverstrings.js	SQL_SERVER	Hostname or IP address of the SQL Server. <add key="SQL_SERVER” value=”sql-server” />
services/serverstrings.js	SQL_MULTISUBNETFAILOVER	Enables multi-subnet failover for high-availability SQL clusters. <add key="SQL_MULTISUBNETFAILOVER” value=”true” />
services/serverstrings.js	SQL_ENABLED	Toggles SQL usage on or off in the application. <add key="SQL_ENABLED” value=”true” />
services/serverstrings.js	READ_ACCESS_GROUPS	Comma-separated list of user groups with read access. <add key="READ_ACCESS_GROUPS” value=”VaultAccess,VaultAdmin" />
services/serverstrings.js	WRITE_ACCESS_GROUPS	Comma-separated list of user groups with write access. <add key="WRITE_ACCESS_GROUPS” value=”VaultAccess,VaultAdmin" />
services/serverstrings.js	DELETE_ACCESS_GROUPS	Comma-separated list of user groups with delete access. <add key="DELETE_ACCESS_GROUPS” value=”VaultAccess,VaultAdmin" />
services/serverstrings.js	COOKIE_DOMAIN	The domain used for setting cookies (e.g., for session tracking). <add key="COOKIE_DOMAIN” value="localhost" />
services/serverstrings.js	USE_REDIS_SESSION	Enables use of Redis for session storage. <add key="USE_REDIS_SESSION” value=”false” />
services/serverstrings.js	REDIS_HOST	IP address or hostname of the Redis server. <add key="REDIS_HOST” value=”xx.x.xx.xx” />
services/serverstrings.js	REDIS_PORT	Port on which Redis is listening. <add key="REDIS_PORT” value=”Port” />
services/serverstrings.js	REDIS_USER	Username for Redis authentication (empty if not used). <add key="REDIS_USER” value=”” />
services/serverstrings.js	REDIS_PASSWORD	Password for Redis authentication (empty if not used). <add key="REDIS_PASSWORD” value=”” />

Walkthrough

Clone the Github repository using Visual Studio Code
- Prerequisites
  - VS Code
  - Node version 18 or higher installed
  - AWS VPN connection for database access
- NPM Install in respository directory
  - From VS Code terminal or Windows termainal execute "npm install" in the project directory
- Install the localhost certificate for local development
  - Windows 10/11: Right click on the localhost.crt file, select Install Certificate--> Local Machine-->Place all certificates in the following store-->browse to Trusted Root Certificate Authorities-->click OK.
- Click Run and Debug Icon
  - Click the Run and Debug Icon (ctrl+Shift+D) Click Launch Program Icon (F5)
- Open browser to https://localhost:89
  - You change the port number in the /bin/www file
Configuration
- /Services/serverstrings.js file contains the VisualVault API URL and credentials Update the API Key/Secret and database connection information

Execution (with Error Handling)

1. Initiate and Send Secure Message

Action: The Sender inputs required message details (e.g., message body, subject, recipients). Upon submission, the system validates input fields (e.g., required data, email formats). If validation succeeds, HTTP Client sends an HTTP POST /api/email to the Secure Messaging Service
Payload: msgBody, msgSubject, emailRecipients, customerDatabaseId and a JSON web token (JWT).

Parameter	Type	Description
`msgBody`	longtext	Body
`msgSubject`	longtext	Subject
`emailRecipients`	comma delimited list	Recipients
`jsonwebtoken`	JWT	JSON web token (JWT) authorization token provided by VV API once connected to VV API
`customerDatabaseId`	char(36)	The name for the authentication database. This identifies and connect to the correct database instance where user credentials or tokens are stored.

Error Handling:
- If any required data is missing or invalid (e.g., incorrect email address for recipient), block the action and display an appropriate error message.
- Only proceed with sending the HTTP POST request upon successful validation.
- Catch HTTP errors and log them.
- Retry mechanism (e.g., up to 3 attempts on errors like timeouts).

2. Message and Recipient Verification

Action: Secure Messaging Portal generates messageId and recipientEmail, and saves to multi-tenant database.
- App updates messages table. Note the messageId.
- App updates message_recipients table. Note the email entered appears in recipientEmail.
Error Handling:
- If database write fails, return error to sender and stop transaction.
- Show sender an error (e.g.,"Failed to create secure message. Please try again.")

3. Notification Email Dispatch

Action: Secure Messaging Portal sends email to each recipient using VisualVault API.
- The following message is sent to the recipient:
Error Handling:
- If email delivery fails (Microservice/API failure), log failure and mark message as "undelivered".
- Optionally retry email delivery asynchronously.

4. One-Time Code Request

Action: Recipient clicks link, “Click here to verify”, which triggers HTTP POST /api/code to the Secure Messaging Service.
Payload: messageId, msgRecipId
Error Handling:
- Invalid or expired messageId/msgRecipId: show error "Invalid message request."
- Log all failed code generation attempts for auditing.

5. Code Generation and Delivery

Action: Secure Messaging Portal generates one-time code and stores in database, then emails code to recipient.
Error Handling:
- If database or email operation fails: log and notify user "Unable to generate access code. Please try again later."

6. Code Validation

Action: Recipient submits code, HTTP POST /api/code/{code}/validate to the Secure Messaging Portal.
Error Handling:
- Expired/invalid code: show message, (e.g., "Code is invalid or expired.")
- Lock out after 5 failed attempts.

7. Code Verification and Message Rendering

Action: Secure Messaging Portal verifies code and renders UI.
Error Handling:
- If initialization fails (e.g., missing data), show message, (e.g., "Unable to load message. Contact support.")
- Log rendering or state errors with user/session context.

8. Access the Secure Message

Action: User reads secure message in browser.
Error Handling:
- If browser loses session or network, show reconnection options.

FAQ

What is the Secure Messaging Portal?

The Secure Messaging Portal is a secure feature which enables secure communication through a process that protects message content and controls recipient access.

How do I initiate and send a secure message?

To send a secure message:

Fill in the required fields: message body, subject, recipients.
The system validates your inputs (e.g., required fields, valid email addresses).
Upon successful validation, the system sends the message via HTTP POST to the Secure Messaging Service.

What data is required when sending a message?

The required parameters to send a message are:

msgBody
msgSubject
emailRecipients
customerDatabaseId
JSON web token (JWT)

What happens if I enter an invalid email or miss a required field?

The system will block the message from being sent and display an error (e.g., "Invalid email format" or "Subject is required").

What happens after a message is sent?

The system generates internal message IDs and stores them in a secure, multi-tenant database.
Each recipient receives an email notification through the VisualVault API.
If delivery fails, it is logged and the message is marked as "undelivered".

How do recipients access secure messages?

Recipients will:

Click the link in the notification email.
A one-time access code is requested and sent via email.
The recipient enters the code to view the secure message in their browser.

What happens if the browser session is lost?

The system will provide reconnection options to help users regain access without restarting the process entirely.

How are errors handled during message submission?

Client-side validation for required fields and email formats.
Server-side HTTP errors (e.g., 400, 500) are caught and logged.
Retry logic is implemented (up to 3 times) for transient issues like timeouts.
Invalid inputs return descriptive messages (e.g., "Missing subject", "Invalid recipient email").

What logging and audit mechanisms are in place?

Logged Events:

Failed validations
Code generation attempts
HTTP errors (with status and endpoint)
Database write failures
Email delivery failures
Message render errors

Audit Trail:

Tracks access by msgId/msgRecipId
Code request and validation attempts
Lockout triggers

Related Resources

Additional Resources:

Github Repository