30 Request authentication

This chapter covers

  • Requirements of a request authentication system
  • Overview of digital signatures
  • Credential generation, registration, and signing
  • Fingerprinting HTTP requests
  • Communicating the details of a signature
  • Verifying signatures and authenticating HTTP requests

In this pattern, we’ll explore how and why to use public-private key pairs and digital signatures (https://en.wikipedia.org/wiki/Digital_signature) to authenticate all incoming API requests. This gives every inbound request integrity (it was not altered in transit), origin authenticity (it came from the holder of the registered private key), and non-repudiation (the sender cannot later deny having sent it). While alternatives (e.g., shared secrets and HMAC; https://en.wikipedia.org/wiki/HMAC) are acceptable in the majority ...
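The end-to-end flow the chapter outline lists (credential generation and registration, fingerprinting the request, attaching the signature details, verifying on the server) is shown below as an added example; it is not code from the book, and the specifics are assumptions: Ed25519 keys from Go's standard library, a key ID carried with the signature so the server can look up the registered public key, and a fingerprint made of the request target, the Date header and a SHA-256 digest of the body. The `Request` type, `Fingerprint`, `Sign`, `Registry` and `Verify` are hypothetical names chosen for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

// maxSkew bounds how old (or how far in the future) a signed Date may be.
// Because the Date is covered by the signature, an attacker replaying a
// captured request cannot refresh it without invalidating the signature.
const maxSkew = 5 * time.Minute

// Request models only the parts of an HTTP request this example protects.
type Request struct {
	Method    string
	Path      string
	Date      string // value of the Date header, RFC 1123
	Body      []byte
	KeyID     string // names the registered public key the server should verify with
	Signature string // base64 Ed25519 signature over Fingerprint()
}

// Fingerprint canonicalizes the request into the exact bytes that are signed.
// Assumed layout: one "name: value" line each for the request target, the Date
// header and a SHA-256 digest of the body. Anything not listed here is not
// covered by the signature and could be altered in transit without detection.
func Fingerprint(r *Request) []byte {
	digest := sha256.Sum256(r.Body)
	var b strings.Builder
	fmt.Fprintf(&b, "(request-target): %s %s\n", strings.ToLower(r.Method), r.Path)
	fmt.Fprintf(&b, "date: %s\n", r.Date)
	fmt.Fprintf(&b, "digest: SHA-256=%s\n", base64.StdEncoding.EncodeToString(digest[:]))
	return []byte(b.String())
}

// Sign is the client side: sign the fingerprint with the private key and attach
// the key ID so the server knows which registered public key to use.
func Sign(r *Request, keyID string, priv ed25519.PrivateKey) {
	r.KeyID = keyID
	r.Signature = base64.StdEncoding.EncodeToString(ed25519.Sign(priv, Fingerprint(r)))
}

// Registry is the server's store of public keys registered by clients.
type Registry map[string]ed25519.PublicKey

// Verify is the server side: recompute the fingerprint from the request as
// received, check the signature against the registered key, then reject
// requests whose signed Date falls outside the freshness window. The clock is
// a parameter so the freshness check can be exercised deterministically.
func (reg Registry) Verify(r *Request, now time.Time) error {
	pub, ok := reg[r.KeyID]
	if !ok {
		return errors.New("unknown key id")
	}
	sig, err := base64.StdEncoding.DecodeString(r.Signature)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return errors.New("malformed signature")
	}
	if !ed25519.Verify(pub, Fingerprint(r), sig) {
		return errors.New("signature does not match request")
	}
	sent, err := time.Parse(time.RFC1123, r.Date)
	if err != nil {
		return errors.New("malformed date")
	}
	if d := now.Sub(sent); d > maxSkew || d < -maxSkew {
		return errors.New("request too old or too far in the future")
	}
	return nil
}

func main() {
	// Registration: the client generates a key pair once and the server stores
	// the public half under an agreed key ID. The private key never leaves the client.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	reg := Registry{"client-1": pub}
	now := time.Now()

	// Constructed sample request.
	req := &Request{Method: "POST", Path: "/v1/transfers",
		Date: now.UTC().Format(time.RFC1123), Body: []byte(`{"amount":100}`)}
	Sign(req, "client-1", priv)
	fmt.Println("genuine request:", reg.Verify(req, now))

	// Body altered in transit: the digest changes, so the signature no longer matches.
	req.Body = []byte(`{"amount":1000}`)
	fmt.Println("tampered body:", reg.Verify(req, now))

	// Captured request replayed a day later: the signature is still valid, but the
	// signed Date is stale, so the server refuses it.
	req.Body = []byte(`{"amount":100}`)
	fmt.Println("replayed later:", reg.Verify(req, now.Add(24*time.Hour)))
}
```

Two things worth noting about the design. First, the server verifies against its own reconstruction of the fingerprint from the request it actually received, never against a fingerprint the client sends along; that is what makes tampering detectable. Second, a valid signature alone says nothing about freshness: the replay case above is rejected only because the Date header is inside the signed material and the server enforces a window on it. With an HMAC over the same fingerprint the integrity and freshness checks would look identical, but since the server holds the same secret it could have produced the tag itself, which is why HMAC cannot provide the non-repudiation that a signature does.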
