API keys

Use API keys to authenticate API requests.

BanQ authenticates your API requests using your service's API keys.

  • If a request doesn't include a signature, BanQ returns an URL signature error.

  • If a request includes an invalid signature, BanQ returns a header signature error.

You can create API keys with the following instruction

RSA-2048 key pair

Create key pair

Create RSA-2048 key pair for your service.

mkdir pk
openssl genrsa -out pk/gen.private.key 2048
openssl rsa -in pk/gen.private.key \
	-outform PEM -pubout -out pk/gen.public.pem

Usage

Type
File
When to use

Private

pk/gen.private.key

On the server side: Use this key to authenticate your API request. Don't expose this key.

Public

pk/gen.public.pem

Provide this key for other service to verify API request (signed with the private key). Can be publicly accessible.

Authenticate API request

Using Shell Command

  1. Generate signature of the message with your key

    openssl dgst -sha256 -sign pk/gen.private.key msg > sig

  2. Fill base64 encoded signature in request header as X-Signature

    cat sig | base64

Using JavaScript

function sign(privatekey, msg) {
    var rsa = new RSAKey();
    rsa.readPrivateKeyFromPEMString(privatekey);
    let hSig = rsa.sign(msg, "sha256");
    let b64 = btoa(hSig.match(/\w{2}/g).map(function (a) { return String.fromCharCode(parseInt(a, 16)); }).join(""))
    return b64
}

Verify API request

  1. base64 decode the signature from request header

    echo BASE64_ENCODED_SIG | base64 -d > sig

  2. Verify signature

    openssl dgst -sha256 -verify pk/gen.public.pem -signature sig msg
PreviousUser rolesNextACT

Last updated