Updated on 2023-05-17 GMT+08:00

Configuring Signature Verification for Backend Services

Signature keys are used by backend services to identify ROMA Connect.

A signature key consists of a key and a secret. The signature key takes effect only after it is bound to an API.

An API can be bound to only one signature key in an environment, but a signature key can be bound to multiple APIs.

After a signature key is bound to an API, ROMA Connect uses its key and secret to add signature information to the requests it sends to the API's backend service. The backend service must sign each request in the same way. If the resulting signature matches the one in the Authorization header of the request, the backend service accepts the request as sent by ROMA Connect.

Creating a Signature Key

  1. Log in to the ROMA Connect console. On the Instances page, click View Console of an instance.
  2. In the navigation pane on the left, choose API Connect > API Policies. On the Policies tab, click Create Policy.
  3. On the Select Policy Type page, select Signature Key in the Traditional Policy area.
  4. Configure signature key information.
    Table 1 Signature key configuration

    | Parameter | Description |
    |---|---|
    | Name | Enter a signature key name. Following a naming convention makes the key easier to find later. |
    | Type | Authentication type. Options: HMAC, AES, Basic auth |
    | Signature Algorithm | AES signature algorithm. Options: aes-128-cfb or aes-256-cfb |
    | Key | Set the key based on the signature key type you have selected. Type is HMAC: Enter the key of the key pair for hash-based message authentication code (HMAC) authentication. Type is Basic auth: Enter the username for authentication. Type is AES: Enter the key for authentication. |
    | Secret | Set the secret based on the signature key type you have selected. Type is HMAC: Enter the secret of the key pair for authentication. Type is Basic auth: Enter the password for authentication. Type is AES: Enter the vector for authentication. |
    | Confirm Secret | Enter the same secret again. |

  5. Click OK.

    After the signature key is created, bind it to an API as described in Binding a Signature Key to an API so that it takes effect for that API.

Binding a Signature Key to an API

  1. On the Policies tab, filter policies by Signature Key.
  2. Click the name of a policy to go to the details page.
  3. On the APIs tab, select the environment of the APIs you want to bind the policy to and click Bind to APIs.
  4. On the page displayed, select the APIs to bind the signature key to.

    APIs can be filtered by API group and API name.

  5. Click OK.

Configuring Signature Verification for Backend Services

After binding a signature key to APIs, develop signature verification for backend services to verify request signatures. For details, see Developing Signature Verification for Backend Services.
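
A backend-side check for the Basic auth signature key type, as an added example that is not code from this guide or from the ROMA Connect SDK. It assumes the request carries the standard RFC 7617 header `Authorization: Basic base64(username:password)`, where the username is the Key and the password is the Secret of the signature key; the function names and sample credentials are constructed for illustration.

```python
import base64
import binascii
import hmac

# Constructed sample values; in production load the Key (username) and
# Secret (password) of the signature key from a secret store.
EXPECTED_KEY = "signature_key_demo"
EXPECTED_SECRET = "S3cret-demo-value"


def verify_basic_auth(authorization, key=EXPECTED_KEY, secret=EXPECTED_SECRET):
    """Return True only if the Authorization header carries the bound
    signature key's username (Key) and password (Secret)."""
    if not authorization:
        return False
    scheme, _, token = authorization.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return False
    try:
        # validate=True rejects characters outside the base64 alphabet.
        decoded = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return False
    # Split on the first colon only: the password may itself contain ":".
    user, sep, password = decoded.partition(b":")
    if not sep:
        return False
    # Compare both fields in constant time and evaluate both before combining,
    # so the response time does not reveal which field was wrong.
    user_ok = hmac.compare_digest(user, key.encode("utf-8"))
    pass_ok = hmac.compare_digest(password, secret.encode("utf-8"))
    return user_ok and pass_ok


def make_header(user, password):
    """Build a header as RFC 7617 describes (used here to create test input)."""
    raw = f"{user}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


if __name__ == "__main__":
    print(verify_basic_auth(make_header(EXPECTED_KEY, EXPECTED_SECRET)))
    print(verify_basic_auth(make_header(EXPECTED_KEY, "wrong")))
    print(verify_basic_auth("Basic not-base64!"))
```

Reject the request with a 401 response when the function returns False, and serve the backend only over TLS, because Basic credentials are encoded, not encrypted.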