
Stradus API Request Signatures

Version 3.2, January 2021

Request Signatures

Most Stradus APIs used for integration with external systems use signed requests. Signing ensures that no
third party can send unauthorized requests or modify requests in transit. Sending passwords or keys with the
request would expose them to man-in-the-middle (MITM) attacks. With signatures, communication
between Stradus and external systems is only possible for authorized parties that know the secret key.

Signature Creation
Depending on the API the signature is calculated over the request body, or over the query part of the
URL. Please see the specific API document for details.

Note that query strings need to be formatted exactly as described in the API document, as otherwise
the signatures will be different and the API calls will fail.

SIGNATURE is an HMAC computed with the SHA256 algorithm over binary data or over a UTF-8 encoded JSON
payload string (called data in the code samples below), and then encoded using Base64 encoding.

Stradus will provide the API key that grants access. The API key should be configurable in the
external system. Note that the key is customer specific. Stradus will provide the key as a
hex-encoded string.

Note that SIGNATURE must be correctly URL encoded when it is placed in the query string, because Base64
output can contain the characters '+', '/' and '='.

Copyright Stradus 2018-2021, Confidential, Not for Redistribution



Signature Code: String Data


For your convenience, here is C# and Java code that generates the signature for strings.
key: the secret key Stradus will provide (hex-encoded string)
data: the JSON payload string

C#:

// Needs: using System; using System.Security.Cryptography; using System.Text;
public static string GetSignature(string key, string data)
{
    // Decode the hex-encoded secret key into raw bytes.
    int numberChars = key.Length;
    byte[] bytes = new byte[numberChars / 2];
    for (int i = 0; i < numberChars; i += 2)
        bytes[i / 2] = Convert.ToByte(key.Substring(i, 2), 16);

    // HMAC-SHA256 over the UTF-8 bytes of the payload, Base64 encoded.
    using (HashAlgorithm hashAlgorithm = new HMACSHA256(bytes))
    {
        byte[] buffer = Encoding.UTF8.GetBytes(data);
        return Convert.ToBase64String(hashAlgorithm.ComputeHash(buffer));
    }
}

JAVA:

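// Needs: import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec;
//        import javax.xml.bind.DatatypeConverter;
//        import org.apache.commons.codec.binary.Base64; (Apache Commons Codec)
public static String getSignature(String key, String data) throws Exception {
    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    // Decode the hex-encoded secret key into raw bytes.
    SecretKeySpec secret_key = new SecretKeySpec(DatatypeConverter.parseHexBinary(key),
            "HmacSHA256");
    sha256_HMAC.init(secret_key);
    // HMAC-SHA256 over the UTF-8 bytes of the payload, Base64 encoded.
    return Base64.encodeBase64String(sha256_HMAC.doFinal(data.getBytes("UTF-8")));
}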


Signature Code: Binary Data


For your convenience, here is C# and Java code that generates the signature for byte arrays.
key: the secret key Stradus will provide (hex-encoded string)
data: the binary data as a byte array

C#:

// Needs: using System; using System.Security.Cryptography;
public static string GetSignature(string key, byte[] data)
{
    // Decode the hex-encoded secret key into raw bytes.
    int numberChars = key.Length;
    byte[] bytes = new byte[numberChars / 2];
    for (int i = 0; i < numberChars; i += 2)
        bytes[i / 2] = Convert.ToByte(key.Substring(i, 2), 16);

    // HMAC-SHA256 over the raw bytes, Base64 encoded.
    using (HashAlgorithm hashAlgorithm = new HMACSHA256(bytes))
    {
        return Convert.ToBase64String(hashAlgorithm.ComputeHash(data));
    }
}

JAVA:

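// Needs: import javax.crypto.Mac; import javax.crypto.spec.SecretKeySpec;
//        import javax.xml.bind.DatatypeConverter;
//        import org.apache.commons.codec.binary.Base64; (Apache Commons Codec)
public static String getSignature(String key, byte[] data) throws Exception {
    Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
    // Decode the hex-encoded secret key into raw bytes.
    SecretKeySpec secret_key = new SecretKeySpec(DatatypeConverter.parseHexBinary(key),
            "HmacSHA256");
    sha256_HMAC.init(secret_key);
    // HMAC-SHA256 over the raw bytes, Base64 encoded.
    return Base64.encodeBase64String(sha256_HMAC.doFinal(data));
}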
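
The scheme described under Signature Creation, shown from both the sending and the receiving side as an added Python example (not code from the Stradus document). The key, the payload and the names signature_for_query, verify_signature and demo are constructed for illustration, and the constant-time comparison on the receiver is an assumption about how a verifier should behave, not documented Stradus behaviour.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, unquote

# Constructed sample values, not a real Stradus key or payload.
SAMPLE_KEY_HEX = "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
SAMPLE_BODY = '{"orderId": 1001, "note": "Zoë"}'


def get_signature(key_hex, data):
    """Base64(HMAC-SHA256(hex-decoded key, data)); str data is UTF-8 encoded first."""
    key = bytes.fromhex(key_hex)  # ValueError on malformed hex
    if isinstance(data, str):
        data = data.encode("utf-8")
    mac = hmac.new(key, data, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def signature_for_query(signature):
    """Percent-encode '+', '/' and '=' so the value survives query-string parsing."""
    return quote(signature, safe="")


def verify_signature(key_hex, data, received):
    """Receiver side: recompute the signature and compare in constant time."""
    expected = get_signature(key_hex, data)
    return hmac.compare_digest(expected.encode("ascii"), received.encode("utf-8"))


def demo():
    sig = get_signature(SAMPLE_KEY_HEX, SAMPLE_BODY)
    received = unquote(signature_for_query(sig))  # what the receiver decodes
    return {
        "valid": verify_signature(SAMPLE_KEY_HEX, SAMPLE_BODY, received),
        # A changed value must fail.
        "tampered": verify_signature(
            SAMPLE_KEY_HEX, SAMPLE_BODY.replace("1001", "1002"), received),
        # Same JSON, different whitespace: the bytes differ, so it fails too.
        "reformatted": verify_signature(
            SAMPLE_KEY_HEX, SAMPLE_BODY.replace(": ", ":"), received),
    }


if __name__ == "__main__":
    print(demo())
```

The "reformatted" case is why the payload or query string must be signed and sent byte for byte as formatted: re-serializing the JSON after signing invalidates the signature.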
