Updated on 2023-07-26 GMT+08:00

Configuring Signature Verification for Backend Services

Overview

Signature keys are used by backend services to verify the identity of ROMA Connect to ensure secure access.

A signature key consists of a key and a secret. The signature key takes effect only after it is bound to an API.

An API can be bound to only one signature key in an environment, but a signature key can be bound to multiple APIs.

After a signature key is bound to an API, ROMA Connect uses the key and secret in the signature key to add signature information to the requests it sends to the backend service of the API. The backend service must then sign each received request in the same way. If the signature it computes is the same as the one carried in the Authorization header of the request, the backend service determines that the request sent by ROMA Connect is valid.

Creating a Signature Key

  1. Log in to the ROMA Connect console. On the Instances page, click View Console next to a specific instance.
  2. In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Create.
  3. In the Create Signature Key dialog box, configure signature key information.
    Table 1 Parameters for creating a signature key

    | Parameter | Description |
    | --- | --- |
    | Name | Enter a signature key name. It is recommended that you enter a name based on naming rules to facilitate search. |
    | Type | Select the type of the signature key. The value can be hmac or basic. |
    | Key | Enter the key information based on the value of Type. If Type is set to hmac, enter the key in the key pair used for HMAC authentication. If Type is set to basic, enter the username used for basic authentication. |
    | Secret | Enter the secret information based on the value of Type. If Type is set to hmac, enter the secret in the key pair used for HMAC authentication. If Type is set to basic, enter the password used for basic authentication. |
    | Confirm Secret | Enter the same secret again. |

  4. Click OK.

    After the signature key is created, you also need to perform the operations described in Binding a Signature Key to an API to make the signature key take effect for the API.

Binding a Signature Key to an API

  1. Log in to the ROMA Connect console. On the Instances page, click View Console next to a specific instance.
  2. In the navigation pane on the left, choose API Connect > API Management. On the Signature Keys tab page, click Bind to API.
  3. On the Bind to API page, click Select API.
  4. In the Select API dialog box, select the APIs to which the signature key is to be bound in the specified environment.

    You can filter the required APIs by API group, environment, and API name.

  5. Click OK.

    After the signature key is bound to the API, have the backend service sign each received request and check whether the signature result is consistent with the signature carried in the Authorization header of the request. For details, see Signing Backend Services.
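
The backend-side check described above, narrowed to a signature key of type basic, as an added example that is not code from this guide or from ROMA Connect. It assumes the basic type uses the standard HTTP Basic scheme (RFC 7617); the function names and sample credentials are constructed for illustration, and the hmac type's signing procedure is not reproduced here.

```python
import base64
import hmac

# Constructed sample credentials: the Key and Secret of a "basic" signature key.
SAMPLE_KEY = "roma-backend-user"
SAMPLE_SECRET = "constructed-secret-value"


def expected_basic_header(key: str, secret: str) -> str:
    """Build the Authorization value the backend expects.

    Assumption: "Basic " + base64(key + ":" + secret), as in RFC 7617.
    """
    token = base64.b64encode(f"{key}:{secret}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def verify_basic_signature(headers: dict, key: str, secret: str) -> bool:
    """Return True only if the request carries the expected signature."""
    # Header names are case-insensitive, so normalise before the lookup.
    received = next(
        (v for k, v in headers.items() if k.lower() == "authorization"), None
    )
    if not isinstance(received, str):
        return False  # missing header: reject instead of falling through
    scheme, _, token = received.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return False  # wrong scheme or empty credential
    expected_token = expected_basic_header(key, secret).split(" ", 1)[1]
    # compare_digest takes the same time wherever the first mismatch is, so
    # response timing does not leak how much of the value was correct.
    return hmac.compare_digest(
        token.strip().encode("utf-8"), expected_token.encode("utf-8")
    )


if __name__ == "__main__":
    good = {"authorization": expected_basic_header(SAMPLE_KEY, SAMPLE_SECRET)}
    print("valid request accepted:", verify_basic_signature(good, SAMPLE_KEY, SAMPLE_SECRET))
    print("unsigned request accepted:", verify_basic_signature({}, SAMPLE_KEY, SAMPLE_SECRET))
```

Requests that fail this check should be rejected before any backend logic runs, since they did not pass through the API the signature key is bound to.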