API keys

Use API keys to authenticate API requests.

RSA2048 key pair

  • Private key: Use this key to authenticate your API request.
  • Public key: Use this key to verify API request.
  • Create key pair
    mkdir pk
    openssl genrsa -out pk/gen.private.key 2048
    openssl rsa -in pk/gen.private.key \
    -outform PEM -pubout -out pk/gen.public.pem

Authenticated API request

  1. 1.
    Generate signature of the message with your key
    openssl dgst -sha256 -sign pk/gen.private.key msg > sig
  2. 2.
    Fill base64 encoded signature in request header as X-Signature
    cat sig | base64

Verify API request

  1. 1.
    base64 decode the signature from request header
    echo BASE64_ENCODED_SIG | base64 -d > sig
  2. 2.
    Verify signature
    openssl dgst -sha256 -verify pk/gen.public.pem -signature sig msg