API Signature
This document describe how to make Api Signature for developer, they will using this signature when call to our api.
What is Signature?
In API calls between the partner's backend and the Apero's backend. Apero uses a signature to be able to identify which backend is making calls to the Apero's's backend. This signature is calculated by taking the shasum of some data and an API secret issued to the partner
Request header
Header Field | Description |
---|---|
X-Api-Signature | Secret string was encrypted using PublicKey (data and encryption described below) |
X-Api-Timestamp | Timestamp of when request was sent (UTC timestamp) Client actively generates this value |
What we provide to you
We will provide to you PublicKey and KeyId. In mode develop, you can use our free key below.
KeyId: 123456789
How to encrypt?
You need to using PublicKey to encrypt your payload
Encryption configuration
Field | Config |
---|---|
padding | RSA_PKCS1_PADDING |
oaepHash | sha256 |
key | public_key |
passPhase | empty string |
Payload scheme
Payload scheme is the content that you encrypt. You must follow the structure we defined below.
Error code
Status code | Error code | Description |
---|---|---|
400 | signature-header.require | Your X-Api-* was not set in header |
400 | signature.error-decrypt | Can not encrypted your signature |
400 | signature.invalid-timestamp | Your Timestamp was invalid because expired |
400 | signature.invalid-scheme-payload | The payload encoding is malformed |
Last updated