Issues with validating API keys #7
Comments
Note: Code is available at https://github.com/ZandercraftGames/beaverworx-api |
What's the request from the client to your API? |
It's not the right way; look at the documentation https://github.com/arkerone/api-key-auth/blob/master/signature.md |
I read it, but I don't fully understand it. Give me a moment, I will re-read it. |
I'm not seeing much other than the fact it says I have to use an encrypted signature in either hmac-sha1, hmac-sha256, or hmac-sha512 in the following format:
|
I agree with @ZandercraftGames that the documentation is lacking on how to create the Authorization header. There is information on what it should contain, but how to create one is missing. @arkerone perhaps you can update the documentation with some straightforward guide or example? |
@sookoll Yeah, I literally just gave up and haven't really touched this since my last comment here. I just accepted the fact that I wouldn't get any form of straight-forward help here (at the time of posting). 🤷‍♂️ |
@sookoll The documentation about the creation of the signature is here: https://github.com/arkerone/api-key-auth/blob/master/signature.md

@ZandercraftGames You don't use the library properly. You must create the authorization header like the link above and send the header in the "Headers" tab on Postman if you want to test it.
I think if you are new to API creation this library is a bit too hard for you. You have to be comfortable with the HTTP protocol and the use of headers to use this library. I will create a client side library to simplify the use of this library. |
@arkerone Thank you for your response. I will try it the way you have described. 😄 |
@ZandercraftGames Is it OK for you? |
Can you provide an example of constructing the header? |
The answer is here 👍 |
This might help give a guide with the Signature process in Postman:

The comments in the image should explain the process that https://github.com/arkerone/api-key-auth/blob/master/signature.md explains.

@arkerone did you get anywhere with the "client-side library"? Is the code above the best practice for using api-key-auth? This would then be moved over to something like Axios. How would you hide the secret on the client app?

Thanks for any help you can give! I'm new to doing this type of auth for express.

Postman "Pre-request script"
|
@DannnB your code looks good! Unfortunately, I don't have any time to create a lib for the client side. Don't use it for "browser" authentication; this auth method must be used only to authenticate a service (server to server). To hide the secret you have several solutions: you can save the secret in an environment variable or use a service like HashiCorp Vault or AWS Secrets Manager. |
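As an added example (not part of the thread and not api-key-auth's own code), here is one way a Node.js service could build the Authorization header discussed above and how the receiving side can recompute it. It assumes the header follows the HTTP Signatures draft layout (keyId, algorithm, headers, signature, with a newline-joined signing string), which should be checked against signature.md; the key id, host, path and the `API_SECRET` variable name are constructed.

```javascript
const crypto = require('crypto');

// Algorithm names from the thread mapped to Node digest names.
const ALGORITHMS = { 'hmac-sha1': 'sha1', 'hmac-sha256': 'sha256', 'hmac-sha512': 'sha512' };

// One "name: value" line per signed header, in the order listed (assumed layout).
function signingString(method, path, headers, signedNames) {
  return signedNames.map((name) => {
    if (name === '(request-target)') return `(request-target): ${method.toLowerCase()} ${path}`;
    if (headers[name] === undefined) throw new Error(`missing header to sign: ${name}`);
    return `${name}: ${String(headers[name]).trim()}`;
  }).join('\n');
}

function hmac(secret, algorithm, text) {
  if (!ALGORITHMS[algorithm]) throw new Error(`unsupported algorithm: ${algorithm}`);
  if (!secret) throw new Error('empty secret: load it from the environment or a secrets manager');
  return crypto.createHmac(ALGORITHMS[algorithm], secret).update(text).digest();
}

// Client side: the value to send in the Authorization header.
function buildAuthorizationHeader({ keyId, secret, algorithm, method, path, headers, signedNames }) {
  const sig = hmac(secret, algorithm, signingString(method, path, headers, signedNames));
  return `Signature keyId="${keyId}",algorithm="${algorithm}",` +
    `headers="${signedNames.join(' ')}",signature="${sig.toString('base64')}"`;
}

// Receiving side, for illustration: recompute the HMAC and compare in constant time.
function verifyAuthorizationHeader(authorization, secret, method, path, headers) {
  const p = Object.fromEntries([...authorization.matchAll(/(\w+)="([^"]*)"/g)].map((m) => [m[1], m[2]]));
  const names = (p.headers || '').split(' ');
  const expected = hmac(secret, p.algorithm, signingString(method, path, headers, names));
  const received = Buffer.from(p.signature || '', 'base64');
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

// Constructed sample request. The demo fallback secret exists only so the block runs offline;
// a real service reads the secret from the environment or a secrets manager.
const request = {
  keyId: 'example-key-id',
  secret: process.env.API_SECRET || 'constructed-demo-secret',
  algorithm: 'hmac-sha256',
  method: 'GET',
  path: '/example',
  headers: { host: 'api.example.test', date: new Date().toUTCString() },
  signedNames: ['(request-target)', 'host', 'date'],
};
console.log(buildAuthorizationHeader(request));
```

Because the signature covers the request target and the listed headers, any change to the path, host or date after signing makes verification fail, as does a different secret.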
When I attempt to authenticate with my API using the API key and secret that I have set, it throws the following error no matter what url path I attempt to connect to.