-
Notifications
You must be signed in to change notification settings - Fork 10
Open
Description
When I attempt to authenticate with my API using the API key and secret that I have set, it throws the following error no matter what url path I attempt to connect to.
<pre>MissingRequiredHeadersError: Missing required HTTP headers : authorization.<br> at Object.parseRequest (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\api-key-auth\lib\parser.js:31:13)<br> at middleware (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\api-key-auth\lib\index.js:42:32)<br> at Layer.handle [as handle_request] (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\layer.js:95:5)<br> at trim_prefix (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:317:13)<br> at C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:284:7<br> at Function.process_params (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:335:12)<br> at next (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:275:10)<br> at jsonParser (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\body-parser\lib\types\json.js:110:7)<br> at Layer.handle [as handle_request] (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\layer.js:95:5)<br> at trim_prefix (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:317:13)<br> at C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:284:7<br> at Function.process_params (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:335:12)<br> at next (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:275:10)<br> at urlencodedParser (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\body-parser\lib\types\urlencoded.js:91:7)<br> at Layer.handle [as handle_request] (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\layer.js:95:5)<br> at trim_prefix (C:\Users\ma394545\Desktop\GitHub\beaverworx-api\node_modules\express\lib\router\index.js:317:13)</pre>
Activity
ZandercraftGames commentedon Feb 8, 2020
Note: Code is available at https://github.com/ZandercraftGames/beaverworx-api
arkerone commentedon Feb 8, 2020
What's the request from the client to your API?
ZandercraftGames commentedon Feb 8, 2020
I am new to API creation, so I apologise in advance for my lack of knowledge in the field.
P.S. The API key and secret are going to be changed before being put into production.
arkerone commentedon Feb 8, 2020
It's not the right way, look the documentation https://github.com/arkerone/api-key-auth/blob/master/signature.md
ZandercraftGames commentedon Feb 8, 2020
I read it, but I dont fully understand it. Give me a moment, I will re-read it.
ZandercraftGames commentedon Feb 8, 2020
Im not seeing much other than the fact it says I have to use an encrypted signature in either hmac-sha1, hmac-sha256, or hmac-sha512 in the following format:
ZandercraftGames commentedon Feb 8, 2020
But how do I create a signature based on the instructions in "Signature creation", and how does it tie into the API key system of the following:

sookoll commentedon Apr 6, 2020
I'm agree with @ZandercraftGames that documentation is lacking on how to create Authorization header. There is information what it should contain, but how to create one, is missing. @arkerone perhaps You can update documentation with some straightforward guide or example?
ZandercraftGames commentedon Apr 6, 2020
@sookoll Yeah, I literally just gave up and haven't really touched this since my last comment here. I just accepted the fact that I wouldn't get any form of straight-forward help here (at the time of posting). 🤷♂
arkerone commentedon Apr 6, 2020
@sookoll The documentation about the creation of the signature is here : https://github.com/arkerone/api-key-auth/blob/master/signature.md
I describe the part of the authorization header.
@ZandercraftGames You don't use the library properly. You must create the authorization header like the link above and send the header in the "Headers" tab on Postman if you want to test it.
In order you must :
I think if you are new in API creation this libary is a bit to hard for you. You have to be comfortable with HTTP protocol and the use of headers to use this library.
I will create a client side library to simplify the use of this library.
ZandercraftGames commentedon Apr 8, 2020
@arkerone Thank you for your response. I will try it the way you have described. 😄
arkerone commentedon Apr 27, 2020
@ZandercraftGames It's ok for you?
ghost commentedon Jun 3, 2020
can you provide an example of constructing the header?
marquitobb commentedon Jul 15, 2020
PanagiotisCY commentedon Aug 25, 2020
The answer is here 👍
https://tools.ietf.org/html/draft-cavage-http-signatures-09#section-1.1
mcnaveen commentedon Sep 13, 2020
Facing "MissingRequiredHeadersError: Missing required HTTP headers : authorization."
DannnB commentedon Mar 30, 2021
This might help give a guide with the Signature process in postman:
I'm only just trying to use this package right now so don't take my code for production.
The comments in the image should explain the process that https://github.com/arkerone/api-key-auth/blob/master/signature.md explains

@arkerone did you get anywhere with the "client-side library"? Is the code above the best practice for using api-key-auth? This would then be moved over to something like Axios. How would you hide the secret on the client app?
Thanks for any help you can give! I'm new to doing this type of auth for express
Postman "Pre-request script"
arkerone commentedon Apr 2, 2021
@DannnB your code looks good ! Unfortunately, I don't have anytime to create a lib for the client side. Don't use it for a "browser" authentication, this auth method must be used only to authenticated a service (server to server). To hide the secret you have severals solutions, you can save the secret on the environment variable or use a service like hashicorp vault or aws secrets manager