import { generateKeyPair, exportJWK, CompactEncrypt, compactDecrypt, importJWK } from 'jose';
async function mleExample() {
// 1. Generate your key pair (one-time setup)
const { publicKey, privateKey } = await generateKeyPair('RSA-OAEP-256');
const publicJwk = await exportJWK(publicKey);
const privateJwk = await exportJWK(privateKey);
publicJwk.alg = 'RSA-OAEP-256';
publicJwk.use = 'enc';
publicJwk.kid = 'my-key-2024';
// 2. Register your public key with Method
await fetch('https://production.methodfi.com/teams/mle/public_keys', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_your_token',
'Content-Type': 'application/json',
},
body: JSON.stringify({
type: 'direct',
contact: 'security@example.com',
jwk: publicJwk
})
});
// 3. Get Method's public key
const methodKeysResponse = await fetch('https://production.methodfi.com/.well-known/jwks.json', {
headers: { 'Authorization': 'Bearer sk_your_token' }
});
const { keys } = await methodKeysResponse.json();
const methodPublicKey = keys.find(k => k.status === 'active');
// 4. Encrypt your request
const payload = {
type: 'individual',
individual: {
first_name: 'Kevin',
last_name: 'Doyle',
ssn: '111223333'
}
};
const methodKey = await importJWK(methodPublicKey, 'RSA-OAEP-256');
const encryptedJwe = await new CompactEncrypt(
new TextEncoder().encode(JSON.stringify(payload))
)
.setProtectedHeader({
alg: 'RSA-OAEP-256',
enc: 'A256GCM',
kid: methodPublicKey.kid,
cid: 'my-key-2024',
typ: 'JWE'
})
.encrypt(methodKey);
// 5. Send encrypted request
const response = await fetch('https://production.methodfi.com/entities', {
method: 'POST',
headers: {
'Authorization': 'Bearer sk_your_token',
'Content-Type': 'application/json',
'Method-MLE': 'jwe'
},
body: JSON.stringify({ encrypted: encryptedJwe })
});
// 6. Decrypt response
const { encrypted } = await response.json();
const { plaintext } = await compactDecrypt(encrypted, await importJWK(privateJwk));
const result = JSON.parse(new TextDecoder().decode(plaintext));
console.log('Created entity:', result);
}