Forum Discussion

prometheus
Occasional Contributor
3 years ago
Solved

sign and encrypt the request value?

Dear all,

I need to test a REST API via HTTPS.

In the communication with the server, certificates, encryption and decryption are sometimes necessary.

There are several input values in a request.

One of the requests should be signed with the private key.

Another value should be encrypted with a session key, and the session key should be made by the client.

How could I handle this kind of request? Use an Event Handler?

Thanks

Kind regards

Prometheus

How could I create a session key?

 

 

 

2 Replies

  • richie
    Community Hero
    Hey prometheus,

    To answer your specific question:
    No, I wouldn't expect you to use event handlers to do anything related to your authentication/authorisation.

    We'd need A LOT more information before we could give specifics (so the more info you provide, the more effective people's help will be) cos the subject of authentication/authorisation is huge and there are many different ways of doing the same thing.

    For example. You mention that one of your requests needs to be signed by a private key. I once tested something I was told also needed signing by a private key. So when I thought about private keys I started thinking "ok so there must be a public key component, so we're talking some usage of asymmetric encryption, blah, blah, blah", but in the end I discovered there was a private key (an alphanumeric value) that was added as an HTTP header. All the hashing and subsequent process needed to generate the signature was completely abstracted out and I didn't have to do anything except add a value to a header... That was it!

    I know I haven't helped per se, but hopefully I've given a bit of context.

    Ta

    Rich
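
One common reading of the scheme in the question, shown as an added example that is not from either poster or from the API under test: one value is signed with the client's private key, another is encrypted under a client-generated session key, and that session key is wrapped for the server. The algorithms (RSA with SHA-256, AES-256-GCM, RSA-OAEP), the key pairs, and all field and function names are assumptions; the thread does not say what the API expects.

```javascript
// Added example using only Node.js built-in crypto. Algorithms and names are assumptions.
const crypto = require('node:crypto');

// Constructed key pairs standing in for the client's signing key and the server's key.
const client = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const server = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Client side: sign one value, encrypt another under a fresh session key.
function buildRequest(valueToSign, valueToEncrypt) {
  // "Signed with the private key": RSA signature over the SHA-256 digest of the value.
  const signature = crypto.sign('sha256', Buffer.from(valueToSign), client.privateKey);

  // "Session key made by the client": 32 random bytes from the OS CSPRNG.
  const sessionKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12); // GCM nonce, never reused with the same key
  const cipher = crypto.createCipheriv('aes-256-gcm', sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(valueToEncrypt, 'utf8'), cipher.final()]);
  const tag = cipher.getAuthTag(); // integrity tag checked on decryption

  // Wrap the session key with the server's public key so only the server can recover it.
  const wrappedKey = crypto.publicEncrypt({ key: server.publicKey, ...OAEP }, sessionKey);

  const b64 = (buf) => buf.toString('base64');
  return {
    signedValue: valueToSign, signature: b64(signature),
    wrappedKey: b64(wrappedKey), iv: b64(iv),
    ciphertext: b64(ciphertext), tag: b64(tag),
  };
}

// Server side: verify the signature, unwrap the session key, decrypt the value.
function verifyAndDecrypt(req) {
  const raw = (s) => Buffer.from(s, 'base64');
  const signatureOk = crypto.verify(
    'sha256', Buffer.from(req.signedValue), client.publicKey, raw(req.signature));
  const sessionKey = crypto.privateDecrypt({ key: server.privateKey, ...OAEP }, raw(req.wrappedKey));
  const decipher = crypto.createDecipheriv('aes-256-gcm', sessionKey, raw(req.iv));
  decipher.setAuthTag(raw(req.tag));
  // final() throws if the ciphertext or tag was modified in transit.
  const plaintext = Buffer.concat([decipher.update(raw(req.ciphertext)), decipher.final()]);
  return { signatureOk, plaintext: plaintext.toString('utf8') };
}
```

If the API turns out to use a shared secret in a header, as in the case Rich describes, none of this applies, so confirm the expected algorithms and encodings with the API's documentation first.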

  • richie
    Community Hero
    Hey prometheus,

    I will respond properly in a little while if no one else has answered. Sorry. Still stuck in work.

    Cheers

    Rich