Serialized Documentation
Serialized Documentation
Console
Plans & Pricing
Sign up
Welcome to Serialized
Basics
Accounts
Projects
Authentication
Rate limiting
Getting started
APIS
Event Sourcing API
Feeds API
Reactions API
Projections API
Tenants API
Client libraries
Java client
Javascript client
Go client (unofficial)
Tools
Swagger API Definition
Advanced
Multi-Tenancy
Encrypting Event data
Conditional requests
Request signatures
Powered by GitBook

Request signatures

All outgoing HTTP requests has the User-Agent header set to Serialized/1.0 and includes a Serialized specific signature header that can be used to verify the request’s authenticity.

The header is named Serialized-Request-Signature and contains a HMAC calculated using the HmacSHA256 algorithm, specified in RFC 2104 and FIPS PUB 180-2.

Request types

The different request types are signed with different default keys. See the definition documentation for each type for details on how to provide you own custom signing secret.

Request type

Default signing key

Reaction

Reaction definition name

Projection

Projection definition name

Example

Java/Jersey/Dropwizard
Java/Jersey/Dropwizard
    import org.apache.commons.codec.digest.*;
    import javax.ws.rs.*;
    @POST
    @Path("notifications")
    public Response performNotification(@Context HttpHeaders headers, String body) {
      String signingKey = "notify-on-order-shipped";
      String receivedSignature = headers.getHeaderString("Serialized-Request-Signature");
      String calculatedSignature = new HmacUtils(HMAC_SHA_256, signingKey).hmacHex(body);
      if (!calculatedSignature.equals(receivedSignature)) {
        throw new WebApplicationException(BAD_REQUEST);
      }
      ...
    }
Advanced - Previous
Conditional requests
Last updated 8 months ago
Edit on GitHub
Contents
Request types
Example