API keys

Use API keys to authenticate API requests.

BanQ authenticates your API requests using your service's API keys.

  • If a request doesn't include a signature, BanQ returns a URL signature error.

  • If a request includes an invalid signature, BanQ returns a header signature error.

You can create API keys with the following instructions.

RSA-2048 key pair

Create key pair

Create an RSA-2048 key pair for your service.

mkdir pk
openssl genrsa -out pk/gen.private.key 2048
openssl rsa -in pk/gen.private.key \
	-outform PEM -pubout -out pk/gen.public.pem

Usage

| Type | File | When to use |
|------|------|-------------|
| Private | pk/gen.private.key | On the server side: use this key to authenticate your API requests. Don't expose this key. |
| Public | pk/gen.public.pem | Provide this key to other services so they can verify API requests (signed with the private key). It can be publicly accessible. |

Authenticate API request

Using Shell Command

  1. Generate a signature of the message with your private key

    openssl dgst -sha256 -sign pk/gen.private.key msg > sig
  2. Put the base64-encoded signature in the request header as X-Signature

    cat sig | base64

Using JavaScript

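// Returns the base64-encoded RSA-SHA256 signature of msg.
// RSAKey is assumed here to be provided by the jsrsasign library.
function sign(privatekey, msg) {
    var rsa = new RSAKey();
    rsa.readPrivateKeyFromPEMString(privatekey);
    // sign() returns the signature as a hex string
    let hSig = rsa.sign(msg, "sha256");
    // Convert each hex byte to a character, then base64-encode the binary string
    let b64 = btoa(hSig.match(/\w{2}/g).map(function (a) { return String.fromCharCode(parseInt(a, 16)); }).join(""));
    return b64;
}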

Verify API request

  1. Base64-decode the signature from the request header

    echo BASE64_ENCODED_SIG | base64 -d > sig
  2. Verify the signature

    openssl dgst -sha256 -verify pk/gen.public.pem -signature sig msg
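
A receiving service can run the same verification steps in code. The following is an added example, not BanQ's own code: it uses Node.js's built-in crypto module with a constructed key pair and message, and the function names and the "ok"/"missing"/"invalid" result labels are assumptions made for illustration.

```javascript
// Added example (not BanQ code): server-side check of the X-Signature header.
const nodeCrypto = require("node:crypto");

// Constructed key pair standing in for pk/gen.private.key and pk/gen.public.pem.
const { privateKey, publicKey } = nodeCrypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
});

// Equivalent of `openssl dgst -sha256 -sign ... | base64`, emitted on one line.
function signMessage(key, msg) {
  const sig = nodeCrypto.sign("sha256", Buffer.from(msg, "utf8"), key);
  return sig.toString("base64");
}

// Hypothetical helper: returns "ok", "missing" or "invalid".
// msg must be the exact bytes the sender signed.
function checkSignature(pubKey, msg, headerValue) {
  if (typeof headerValue !== "string" || headerValue.trim() === "") {
    return "missing";
  }
  const b64 = headerValue.trim();
  // Buffer.from(..., "base64") silently skips bad characters, so validate
  // the encoding strictly before decoding.
  if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) {
    return "invalid";
  }
  const sig = Buffer.from(b64, "base64");
  // An RSA-2048 signature is exactly 256 bytes long.
  if (sig.length !== 256) {
    return "invalid";
  }
  const ok = nodeCrypto.verify("sha256", Buffer.from(msg, "utf8"), pubKey, sig);
  return ok ? "ok" : "invalid";
}

// Constructed sample request body and the three outcomes.
const sampleMsg = '{"amount":100}';
const sampleSig = signMessage(privateKey, sampleMsg);
console.log(checkSignature(publicKey, sampleMsg, sampleSig));        // valid signature
console.log(checkSignature(publicKey, sampleMsg, undefined));        // header absent
console.log(checkSignature(publicKey, sampleMsg + " ", sampleSig));  // body altered
```

GNU `base64` wraps its output at 76 characters, so remove the line breaks before placing the value in X-Signature; the check above rejects a wrapped value.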
