Updated on 2023-05-17 GMT+08:00

Configuring Signature Verification for Backend Services

Overview

Signature keys are used by backend services to verify the identity of ROMA Connect.

A signature key consists of a key and a secret. The signature key takes effect only after it is bound to an API.

An API can be bound to only one signature key in an environment, but a signature key can be bound to multiple APIs.

After a signature key is bound to an API, ROMA Connect uses the key and secret in the signature key to add signature information to requests sent to the backend service of the API. The backend service needs to sign the requests in the same way. If the signature is the same as that included in the Authorization header of the requests, the backend service determines that the requests sent by ROMA Connect are valid.

Creating a Signature Key

  1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
  2. In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Create.
  3. In the Create Signature Key dialog box, configure signature key information.
    Table 1 Parameters for creating a signature key

    | Parameter | Description |
    |---|---|
    | Name | Enter a signature key name. It is recommended that you enter a name based on naming rules to facilitate search. |
    | Type | Select the type of the signature key. The options are hmac, aes, and basic. |
    | Key | Set the key based on the signature key type you have selected. If Type is set to hmac, enter the key in the key pair used for HMAC authentication. If Type is set to basic, enter the username used for basic authentication. If Type is set to aes, enter the key used for AES authentication. |
    | Signature Algorithm | Select an AES signature algorithm. Options: aes-128-cfb, aes-256-cfb. |
    | Secret | Set the secret based on the signature key type you have selected. If Type is set to hmac, enter the secret in the key pair used for HMAC authentication. If Type is set to basic, enter the password used for basic authentication. If Type is set to aes, enter the vector used for AES authentication. |
    | Confirm Secret | Enter the same secret again. |

  4. Click OK.

    After the signature key is created, you also need to perform the operations described in Binding a Signature Key to an API to make the signature key take effect for the API.

Binding a Signature Key to an API

  1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
  2. In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Bind to API.
  3. On the Bind to API page, click Select API.
  4. In the Select API dialog box, select the APIs to which the signature key is to be bound in the specified environment.

    APIs can be filtered by API group, environment, and API name.

  5. Click OK.

Configuring Signature Verification for Backend Services

After binding a signature key to APIs, develop signature verification for backend services to verify request signatures. For details, see Developing Signature Verification for Backend Services.
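
For a signature key whose Type is basic, the backend-side check can be written as below. This is an added example, not code from ROMA Connect or its SDK. It assumes the key and secret arrive as a standard HTTP Basic Authorization header (RFC 7617); the credential values and function names are constructed for illustration. The hmac and aes types follow the signing procedure in the guide referenced above and are not covered here.

```python
import base64
import hmac

# Constructed sample values: the Key (username) and Secret (password) of a
# hypothetical signature key of type "basic". Load real ones from a secret store.
EXPECTED_KEY = "roma-backend-user"
EXPECTED_SECRET = "s3cret:with:colons"


def parse_basic_authorization(header_value):
    """Return (username, password) from a Basic Authorization header, or None."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        # validate=True rejects characters outside the Base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    # Split on the first colon only: the password may itself contain colons.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def is_request_from_gateway(header_value, key=EXPECTED_KEY, secret=EXPECTED_SECRET):
    """True only if the header carries exactly the configured key and secret."""
    parsed = parse_basic_authorization(header_value)
    if parsed is None:
        return False
    username, password = parsed
    # compare_digest does not stop at the first differing byte; both fields
    # are always compared so a wrong username and a wrong password look alike.
    user_ok = hmac.compare_digest(username.encode("utf-8"), key.encode("utf-8"))
    pass_ok = hmac.compare_digest(password.encode("utf-8"), secret.encode("utf-8"))
    return user_ok and pass_ok


def make_basic_header(username, password):
    """Build a header value for the constructed sample input."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")
```

A backend would call is_request_from_gateway() on the incoming Authorization header before any business logic runs and return 401 when it is False.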