Forum Discussion

prometheus's avatar
prometheus
Occasional Contributor
4 years ago

sign and encrypt the request value?

Dear all   I need to test a REST API via HTTPS,  Between communication with server, certificate , encryption , decryption sometimes are necessary.   There are several input values in a request, ...
Configuration
Editors
Function Tests
Performance Tests
REST
Security Tests
Test Setup
  • richie's avatar
    richie
    4 years ago
    Hey prometheus,

    To answer your specific question:
    No, i wouldnt expect you to use event handlers to do anything related to your authentication/authorisation.

    We'd need A LOT more information before we could give specifics (so the more info you provide, the more effective people's help will be) cos the subject of authentication/authorisation is huge and there are many different ways of doing the same thing.

    For example. You mention that one of your requests needs to be signed by a private key. I once tested something i was told also needed signing by a private key. So when i thought about private keys i started thinking "ok so there must be a public key component, so we're talking some usage of assymetric encryption, blah, blah, blah", but in the end i discovered there was a private key (an alpha numeric value) that was added as an HTTP header all the hashing and subsequent process needed to generate the signature was completely bastracted out and i didnt have to do anything except add a value to a header....That was it!

    I kmow i havent helped per se, but hopefully ive given a bit of context.

    Ta

    Rich

richie's avatar
richie
Community Hero
4 years ago
Hey prometheus,

To answer your specific question:
No, i wouldnt expect you to use event handlers to do anything related to your authentication/authorisation.

We'd need A LOT more information before we could give specifics (so the more info you provide, the more effective people's help will be) cos the subject of authentication/authorisation is huge and there are many different ways of doing the same thing.

For example. You mention that one of your requests needs to be signed by a private key. I once tested something i was told also needed signing by a private key. So when i thought about private keys i started thinking "ok so there must be a public key component, so we're talking some usage of assymetric encryption, blah, blah, blah", but in the end i discovered there was a private key (an alpha numeric value) that was added as an HTTP header all the hashing and subsequent process needed to generate the signature was completely bastracted out and i didnt have to do anything except add a value to a header....That was it!

I kmow i havent helped per se, but hopefully ive given a bit of context.

Ta

Rich