StradusRequestSignaturesAPI V3.2
Request Signatures
Most Stradus APIs used for integration with external systems use signed requests. This ensures that no
third party can send unauthorized requests or modify requests. Sending passwords or keys with the
request would enable man-in-the-middle (MITM) attacks. Using signatures ensures that communication
between Stradus and external systems can only be done by authorized parties who know the secret key.
Signature Creation
Depending on the API, the signature is calculated over the request body or over the query part of the
URL. Please see the specific API document for details.
Note that query strings need to be formatted exactly as described in the API document, as otherwise
the signatures will be different and the API calls will fail.
SIGNATURE is an HMAC computed over binary data or over a UTF-8 encoded JSON payload string (called
data in the code samples below) using the SHA256 algorithm and then encoded using Base64 encoding.
Stradus will provide the API key that provides access. The API key should be configurable in the
external system. Note that the key is customer specific. Stradus will provide the key as a string (Hex
encoded).
Note that SIGNATURE needs to be correctly URL-encoded when creating the query string.
C#:
JAVA:
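Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key, "HmacSHA256"); // key: API key as byte[] (assumption: decoded from the hex string)
sha256_HMAC.init(secret_key);
return Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes("UTF-8"))); // data: JSON payload string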
C#:
JAVA:
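Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secret_key = new SecretKeySpec(key, "HmacSHA256"); // key: API key as byte[] (assumption: decoded from the hex string)
sha256_HMAC.init(secret_key);
return Base64.encodeBase64String(sha256_HMAC.doFinal(data)); // data: binary payload (byte[])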
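The signing steps described above, end to end, as an added example that is not part of the Stradus documentation: it signs a JSON payload, URL-encodes the signature for a query string, and shows the receiving side's check rejecting a modified payload. Assumptions: the hex key string is decoded to raw bytes before use, the query parameter name "signature" is hypothetical, and the key and payload are constructed sample values.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.HexFormat;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class RequestSignatureExample {

    // Raw HMAC-SHA256 over the data.
    // Assumption: the hex-encoded API key is decoded to bytes before use.
    static byte[] hmacSha256(String hexKey, byte[] data) throws Exception {
        byte[] key = HexFormat.of().parseHex(hexKey); // HexFormat needs Java 17+
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // SIGNATURE for a JSON payload: HMAC over its UTF-8 bytes, then Base64.
    static String signature(String hexKey, String json) throws Exception {
        byte[] mac = hmacSha256(hexKey, json.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(mac);
    }

    // Receiving side: recompute the HMAC and compare in constant time.
    static boolean verify(String hexKey, String json, String received) throws Exception {
        byte[] expected = hmacSha256(hexKey, json.getBytes(StandardCharsets.UTF_8));
        try {
            return MessageDigest.isEqual(expected, Base64.getDecoder().decode(received));
        } catch (IllegalArgumentException malformedBase64) {
            return false; // not valid Base64, so it cannot be a valid signature
        }
    }

    public static void main(String[] args) throws Exception {
        String hexKey = "000102030405060708090a0b0c0d0e0f";     // constructed sample key
        String json = "{\"orderId\":42,\"status\":\"ready\"}";  // constructed sample payload
        String sig = signature(hexKey, json);
        // Base64 output can contain '+', '/' and '=', so it must be URL-encoded.
        String query = "signature=" + URLEncoder.encode(sig, StandardCharsets.UTF_8);
        System.out.println(query);
        System.out.println(verify(hexKey, json, sig));                     // unmodified payload
        System.out.println(verify(hexKey, json.replace("42", "43"), sig)); // payload changed after signing
    }
}
```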