API Signature

This document describes how developers create the API signature that they must send when calling our API.

What is Signature?

In API calls between the partner's backend and Apero's backend, Apero uses a signature to identify which backend is making the call. This signature is calculated by taking the shasum of some data and an API secret issued to the partner.

Request header

| Header Field | Description |
| --- | --- |
| X-Api-Signature | Secret string encrypted with the PublicKey (data and encryption are described below) |
| X-Api-Timestamp | Timestamp of when the request was sent (UTC timestamp). The client generates this value. |

What we provide to you

We will provide you with a PublicKey and a KeyId. In development mode, you can use our free key below.

KeyId: 123456789

Hint

This PublicKey and KeyId are free and are only valid in the development environment.

How to encrypt?

You need to use the PublicKey to encrypt your payload.

Encryption configuration

| Field | Config |
| --- | --- |
| padding | RSA_PKCS1_PADDING |
| oaepHash | sha256 |
| key | public_key |
| passphrase | empty string |

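const crypto = require('crypto');

// PUBLIC_KEY is the PublicKey provided to you; payloadScheme is built as
// described under "Payload scheme" below.
const signature = crypto.publicEncrypt(
  {
    key: PUBLIC_KEY,
    passphrase: '',
    padding: crypto.constants.RSA_PKCS1_PADDING,
    // Node.js documents oaepHash as the hash for OAEP padding; it is set here
    // because the configuration table above lists it.
    oaepHash: 'sha256',
  },
  Buffer.from(payloadScheme),
);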

Payload scheme

Payload scheme is the content that you encrypt. You must follow the structure we defined below.

timestamp@@@keyid@@@nonce

Timestamp

Timestamp of when the request was sent (UTC timestamp). This value must be the same as X-Api-Timestamp.

KeyId

KeyId is used to detect which client is calling our server. This value must be the same as X-Api-KeyId.

Nonce

A random integer in the range 0 to 1000000, generated by the client. It must be regenerated for every request.

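const timestamp = new Date().getTime(); // also sent as X-Api-Timestamp
const keyId = "123456789"; // development KeyId from above
const nonce = Math.floor(Math.random() * 1000000); // random integer, regenerated for every request
const payloadScheme = `${timestamp}@@@${keyId}@@@${nonce}`; // timestamp@@@keyid@@@nonce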

Error code

| Status code | Error code | Description |
| --- | --- | --- |
| 400 | signature-header.require | The X-Api-* headers were not set |
| 400 | signature.error-decrypt | Your signature could not be decrypted |
| 400 | signature.invalid-timestamp | Your timestamp is invalid because it has expired |
| 400 | signature.invalid-scheme-payload | The payload encoding is malformed |
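The signing steps above end to end, with a receiving-side check that maps a decrypted payload onto the error codes in the table; this is an added example, not Apero's code. The generated key pair, the base64 encoding of X-Api-Signature, the 5-minute freshness window and the mapping of header mismatches to signature.invalid-scheme-payload are assumptions, and crypto.randomInt replaces Math.random for the nonce.

```javascript
const crypto = require('crypto');

// Constructed stand-in for the PublicKey issued to a partner (not a real Apero key).
const { publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Client side: build the payload scheme and the request headers for one call.
function buildSignedHeaders(keyId, pubKey, now = Date.now()) {
  const nonce = crypto.randomInt(0, 1000001); // fresh CSPRNG integer in 0..1000000
  const payload = `${now}@@@${keyId}@@@${nonce}`;
  const signature = crypto.publicEncrypt(
    { key: pubKey, padding: crypto.constants.RSA_PKCS1_PADDING },
    Buffer.from(payload),
  );
  const headers = {
    'X-Api-Signature': signature.toString('base64'), // base64 is an assumption
    'X-Api-Timestamp': String(now), // must equal the timestamp inside the payload
    'X-Api-KeyId': keyId, // must equal the KeyId inside the payload
  };
  return { payload, headers };
}

// Receiving side (hypothetical): validate the decrypted payload against the headers.
// Returns one of the page's error codes, or null when the payload is acceptable.
function checkPayload(plaintext, headers, now = Date.now(), maxAgeMs = 300000) {
  const ts = headers['X-Api-Timestamp'];
  const keyId = headers['X-Api-KeyId'];
  if (!headers['X-Api-Signature'] || !ts || !keyId) return 'signature-header.require';
  const parts = String(plaintext).split('@@@');
  const numeric = (s) => /^\d+$/.test(s);
  if (parts.length !== 3 || !numeric(parts[0]) || !parts[1] || !numeric(parts[2])) {
    return 'signature.invalid-scheme-payload';
  }
  // Assumed mapping: a payload that disagrees with its headers is treated as malformed.
  if (parts[0] !== ts || parts[1] !== keyId || Number(parts[2]) > 1000000) {
    return 'signature.invalid-scheme-payload';
  }
  // Assumed freshness window: reject timestamps more than maxAgeMs away from now.
  if (Math.abs(now - Number(parts[0])) > maxAgeMs) return 'signature.invalid-timestamp';
  return null;
}

// The client's own payload stands in for the plaintext the server would decrypt.
const { payload, headers } = buildSignedHeaders('123456789', publicKey);
console.log(headers, checkPayload(payload, headers));
```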
