Skip to main content

A simple Django package to facilitate request signing.

Project description

DRF Simple API Signing (SASigning) Introduction

STATUS

  • First Release (29 July 2018)

API Signing Benefits

  1. Identity Verification: You are sure that the request is coming from who you are expecting.
  2. You are sure that the message is not altered in communication channels.
  3. You can prevent relay attack (optional).

API Signing Workflow

Pseudo code explaining steps of API Signing Check in API:

1. Read a signature from header.
2. Construct the message. It may consist of
   * Secret Key
   * Request Method (PUT, GET, POST, ..)
   * URL Endpoint.
   * Request Body.
   * other arguments
those parameters are concatenated and separated by **delimeter** symbol.
3. Hash it with SHA256 using the Secret Key.

What SASigning Do?

SASigning provides an easy way to configure your API to accept, check and define signatures. It allows you to review plugin the signature checking in your flow.

SASIGNING DOCUMENTATION

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

drf-simple-api-signing-1.0.2.tar.gz (207.7 kB view hashes)

Uploaded source

Built Distribution

Supported by

AWS AWS Cloud computing Datadog Datadog Monitoring Facebook / Instagram Facebook / Instagram PSF Sponsor Fastly Fastly CDN Google Google Object Storage and Download Analytics Huawei Huawei PSF Sponsor Microsoft Microsoft PSF Sponsor NVIDIA NVIDIA PSF Sponsor Pingdom Pingdom Monitoring Salesforce Salesforce PSF Sponsor Sentry Sentry Error logging StatusPage StatusPage Status page