Configuring Signature Verification for Backend Services
Signature keys are used by backend services to identify ROMA Connect.
A signature key consists of a key and a secret. The signature key takes effect only after it is bound to an API.
An API can be bound to only one signature key in an environment, but a signature key can be bound to multiple APIs.
After a signature key is bound to an API, ROMA Connect uses its key and secret to add signature information to requests sent to the backend service of the API. The backend service needs to sign the requests in the same way. If the signature matches what is included in the Authorization header of the requests, the backend service validates the requests sent by ROMA Connect.
Creating a Signature Key
- Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
- In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
- On the Select Policy Type page, select Signature Key in the Traditional Policy area.
- Configure signature key information.
Table 1 Signature key configuration Parameter
Description
Name
Enter a signature key name. Using naming rules facilitates future search.
Type
Authentication type.
Options: HMAC, AES, Basic auth
Signature Algorithm
AES signature algorithm.
Options: aes-128-cfb or aes-256-cfb
Key
Set the key based on the signature key type you have selected.
- Type is HMAC: Enter the key of the key pair for hash-based message authentication code (HMAC) authentication.
- Type is Basic auth: Enter the username for authentication.
- Type is AES: Enter the key for authentication.
Secret
Set the key based on the signature key type you have selected.
- Type is HMAC: Enter the secret of the key pair for authentication.
- Type is Basic auth: Enter the password for authentication.
- Type is AES: Enter the vector for authentication.
Confirm Secret
Enter the same secret again.
- Click OK.
After the signature key is created, perform Binding a Signature Key to an API for the signature key to take effect for the API.
Binding a Signature Key to an API
- On the Policies tab, filter policies by Signature Key.
- Click the name of a policy to go to the details page.
- On the APIs tab, select the environment of the APIs you want to bind the policy to and click Bind to APIs.
- On the page displayed, select the APIs to bind the signature key to.
- Click OK.
Configuring Signature Verification for Backend Services
After binding a signature key to APIs, develop signature verification for backend services to verify request signatures. For details, see Developing Signature Verification for Backend Services.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
