Ask a Question

sign and encrypt the request value?

prometheus
Occasional Contributor

sign and encrypt the request value?

Dear all

 

I need to test a REST API via HTTPS, 

Between communication with server, certificate , encryption , decryption sometimes are necessary.

 

There are several input values in a request,

one of the requests should be signed with the private key.

Another value should  be encrypted with session key and the session key should be made by client.

 

How could I handle this kind of request? Use Event Handler?

 

Thanks 

 

kind regrads

 

Prometheus

How could I create a session key?

 

 

 

2 REPLIES 2
richie
Community Hero

Re: sign and encrypt the request value?

Hey @prometheus,

I will respond properly in a little while if no one else has answered. Sorry. Still stuck in work

Cheers

Rich
if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
richie
Community Hero

Re: sign and encrypt the request value?

Hey @prometheus,

To answer your specific question:
No, i wouldnt expect you to use event handlers to do anything related to your authentication/authorisation.

We'd need A LOT more information before we could give specifics (so the more info you provide, the more effective people's help will be) cos the subject of authentication/authorisation is huge and there are many different ways of doing the same thing.

For example. You mention that one of your requests needs to be signed by a private key. I once tested something i was told also needed signing by a private key. So when i thought about private keys i started thinking "ok so there must be a public key component, so we're talking some usage of assymetric encryption, blah, blah, blah", but in the end i discovered there was a private key (an alpha numeric value) that was added as an HTTP header all the hashing and subsequent process needed to generate the signature was completely bastracted out and i didnt have to do anything except add a value to a header....That was it!

I kmow i havent helped per se, but hopefully ive given a bit of context.

Ta

Rich

if this helped answer the post, could you please mark it as 'solved'? Also if you consider whether the title of your post is relevant? Perhaps if the post is solved, it might make sense to update the Subject header field of the post to something more descriptive? This will help people when searching for problems. Ta
cancel
Showing results for 
Search instead for 
Did you mean: