Client libraries
Request signatures
All outgoing HTTP requests has the
User-Agent header set to Serialized/1.0 and includes a Serialized specific signature header that can be used to verify the request’s authenticity.The header is named
Serialized-Request-Signature and contains a HMAC calculated using the HmacSHA256 algorithm, specified in RFC 2104 and FIPS PUB 180-2.Request types
The different request types are signed with different default keys. See the definition documentation for each type for details on how to provide you own custom signing secret.
Request type
Default signing key
Reaction
Reaction definition name
Projection
Projection definition name
Example
Java/Jersey/Dropwizard
1
import org.apache.commons.codec.digest.*;
2
import javax.ws.rs.*;
3
​
4
@POST
5
@Path("notifications")
6
public Response performNotification(@Context HttpHeaders headers, String body) {
7
String signingKey = "notify-on-order-shipped";
8
String receivedSignature = headers.getHeaderString("Serialized-Request-Signature");
9
String calculatedSignature = new HmacUtils(HMAC_SHA_256, signingKey).hmacHex(body);
10
​
11
if (!calculatedSignature.equals(receivedSignature)) {
12
throw new WebApplicationException(BAD_REQUEST);
13
}
14
​
15
...
16
}
Copied!
Last modified 1yr ago
Copy link