sign and encrypt the request value?
I need to test a REST API via HTTPS,
Between communication with server, certificate , encryption , decryption sometimes are necessary.
There are several input values in a request,
one of the requests should be signed with the private key.
Another value should be encrypted with session key and the session key should be made by client.
How could I handle this kind of request? Use Event Handler?
How could I create a session key?
- Hey prometheus,
To answer your specific question:
No, i wouldnt expect you to use event handlers to do anything related to your authentication/authorisation.
We'd need A LOT more information before we could give specifics (so the more info you provide, the more effective people's help will be) cos the subject of authentication/authorisation is huge and there are many different ways of doing the same thing.
For example. You mention that one of your requests needs to be signed by a private key. I once tested something i was told also needed signing by a private key. So when i thought about private keys i started thinking "ok so there must be a public key component, so we're talking some usage of assymetric encryption, blah, blah, blah", but in the end i discovered there was a private key (an alpha numeric value) that was added as an HTTP header all the hashing and subsequent process needed to generate the signature was completely bastracted out and i didnt have to do anything except add a value to a header....That was it!
I kmow i havent helped per se, but hopefully ive given a bit of context.