Configuring Signature Verification for Backend Services
Overview
Signature keys are used by backend services to verify the identity of ROMA Connect.
A signature key consists of a key and a secret. The signature key takes effect only after it is bound to an API.
An API can be bound to only one signature key in an environment, but a signature key can be bound to multiple APIs.
After a signature key is bound to an API, ROMA Connect uses the key and secret in the signature key to add signature information to requests sent to the backend service of the API. The backend service needs to sign the requests in the same way. If the signature is the same as that included in the Authorization header of the requests, the backend service determines that the requests sent by ROMA Connect are valid.
Creating a Signature Key
- Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
- In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Create.
- In the Create Signature Key dialog box, configure signature key information.
Table 1 Parameters for creating a signature key Parameter
Description
Name
Enter a signature key name. It is recommended that you enter a name based on naming rules to facilitate search.
Type
Select the type of the signature key. The options are hmac, aes, and basic.
Key
Set the key based on the signature key type you have selected.
- If Type is set to hmac, enter the key in the key pair used for HMAC authentication.
- If Type is set to basic, enter the username used for basic authentication.
- If Type is set to aes, enter the key used for AES authentication.
Signature Algorithm
Select an AES signature algorithm. Options:
- aes-128-cfb
- aes-256-cfb
Secret
Set the key based on the signature key type you have selected.
- If Type is set to hmac, enter the secret in the key pair used for HMAC authentication.
- If Type is set to basic, enter the password used for basic authentication.
- If Type is set to aes, enter the vector used for AES authentication.
Confirm Secret
Enter the same secret again.
- Click OK.
After the signature key is created, you also need to perform the operations described in Binding a Signature Key to an API to make the signature key take effect for the API.
Binding a Signature Key to an API
- Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
- In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Bind to API.
- On the Bind to API page, click Select API.
- In the Select API dialog box, select the APIs to which the signature key is to be bound in the specified environment.
APIs can be filtered by API group, environment, and API name.
- Click OK.
Configuring Signature Verification for Backend Services
After binding a signature key to APIs, develop signature verification for backend services to verify request signatures. For details, see Developing Signature Verification for Backend Services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
