Response verification signature
Description
This document mainly describes the verification of the and discovery values of the response body after the request is returned.
Response Header
A normal request response header returns the fields necessary to validate the signature:
Name | Description |
---|---|
X-HMAC-SIGNATURE | The signature calculated by the API gateway according to the parameters of the response header. The request receiver needs to recalculate the signature according to the URL of the request and the response header. If the two signatures are consistent, the response verification passes. |
X-HMAC-ALGORITHM | Fixed value hmac-sha256 (must be consistent with the request header) |
X-HMAC-ACCESS-KEY | Must be consistent with the request header |
X-HMAC-SIGNED-HEADERS | Must be consistent with the request header |
Accept-Language | Fixed value en-US (must be consistent with the request header) |
Content-Type | Fixed value application/json (must be consistent with the request header) |
Example:
X-HMAC-SIGNATURE: M8w5ai017BnWLoUFjbR2zaqapxj1gXK+Unll6twlDmg=
X-HMAC-ALGORITHM: hmac-sha256
X-HMAC-ACCESS-KEY: user-key
X-HMAC-SIGNED-HEADERS: Accept-Language;Content-Type
Accept-Language: en-US
Content-Type: application/json
Check signature
Using the response header information, the signature is recalculated according to the "Generating the signature" document.
If the calculated signature is the same as the value of X-HMAC-SIGNATURE in the response header, the authentication succeeds.
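The check described above, as an added Python example (not part of the original documentation and not the gateway's own code). It assumes the signature is the Base64 of the raw HMAC-SHA256 digest, and it takes the signing string as an input because its layout is defined in the "Generating the signature" document and is not reproduced on this page; the secret and signing string below are constructed sample values.

```python
import base64
import hashlib
import hmac


def compute_signature(secret_key: bytes, signing_string: bytes) -> str:
    # Assumption: Base64 of the raw HMAC-SHA256 digest, which matches the
    # 44-character shape of the X-HMAC-SIGNATURE example on this page.
    digest = hmac.new(secret_key, signing_string, hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_response(headers, secret_key, signing_string, sent_access_key):
    """Return True only when the recalculated signature matches X-HMAC-SIGNATURE.

    signing_string must be built as the "Generating the signature" document
    specifies; its layout is not reproduced on this page.
    """
    h = {name.lower(): value.strip() for name, value in headers.items()}
    # The algorithm is a fixed value; never let the response choose another one.
    if h.get("x-hmac-algorithm", "").lower() != "hmac-sha256":
        return False
    # The access key must be the one sent with the request.
    if h.get("x-hmac-access-key") != sent_access_key:
        return False
    # Every header named in X-HMAC-SIGNED-HEADERS must actually be present.
    signed = [n for n in h.get("x-hmac-signed-headers", "").split(";") if n]
    if any(n.lower() not in h for n in signed):
        return False
    received = h.get("x-hmac-signature", "").encode("utf-8")
    expected = compute_signature(secret_key, signing_string).encode("ascii")
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(received, expected)


# Constructed sample values (not real credentials or a real signing string).
SECRET = b"constructed-secret-key"
SIGNING_STRING = b"<signing string per the Generating the signature document>"
SAMPLE_HEADERS = {
    "X-HMAC-SIGNATURE": compute_signature(SECRET, SIGNING_STRING),
    "X-HMAC-ALGORITHM": "hmac-sha256",
    "X-HMAC-ACCESS-KEY": "user-key",
    "X-HMAC-SIGNED-HEADERS": "Accept-Language;Content-Type",
    "Accept-Language": "en-US",
    "Content-Type": "application/json",
}

if __name__ == "__main__":
    print(verify_response(SAMPLE_HEADERS, SECRET, SIGNING_STRING, "user-key"))
```

A response that fails any of these checks should be treated as unauthenticated and its body discarded.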