API keys

Use API keys to authenticate API requests.

BanQ authenticates your API requests using your service's API keys.

• If a request doesn't include a signature, BanQ returns an URL signature error.

• If a request includes an invalid signature, BanQ returns a header signature error.

You can create API keys with the following instruction

RSA-2048 key pair

Create key pair

Create RSA-2048 key pair for your service.

mkdir pk
openssl genrsa -out pk/gen.private.key 2048
openssl rsa -in pk/gen.private.key \
	-outform PEM -pubout -out pk/gen.public.pem

Usage

Type	File	When to use
Private	pk/gen.private.key	On the server side: Use this key to authenticate your API request. Don't expose this key.
Public	pk/gen.public.pem	Provide this key for other service to verify API request (signed with the private key). Can be publicly accessible.

Authenticate API request

Using Shell Command

1. Generate signature of the message with your key

   openssl dgst -sha256 -sign pk/gen.private.key msg > sig

2. Fill base64 encoded signature in request header as X-Signature

   cat sig | base64

Using JavaScript

function sign(privatekey, msg) {
    var rsa = new RSAKey();
    rsa.readPrivateKeyFromPEMString(privatekey);
    let hSig = rsa.sign(msg, "sha256");
    let b64 = btoa(hSig.match(/\w{2}/g).map(function (a) { return String.fromCharCode(parseInt(a, 16)); }).join(""))
    return b64
}

Verify API request

1. base64 decode the signature from request header

   echo BASE64_ENCODED_SIG | base64 -d > sig

2. Verify signature

   openssl dgst -sha256 -verify pk/gen.public.pem -signature sig msg