HMAC stands for Hash-based Message Authentication Code. From the full form of HMAC, we need to understand two things: one is Message Authentication Code and the other is Hash-Based. So HMAC is a mechanism used for creating a Message Authentication Code by using a hash function. The most important thing to keep in mind is that, while generating the Message Authentication Code using the hash function, we need to use a Shared Secret Key. Moreover, that Shared Secret Key must be shared between the client and the server involved in sending and receiving the data.

What are the Keys used in HMAC Authentication in Web API?

First of all, the server needs to generate two keys: one is the Public Shared APP ID and the other is the Private Secret API Key. Once the keys are generated, it is the responsibility of the server to provide these keys to the client using a secure channel like email. This should be done only once, and that too when the client registers with the server.

Once the client gets the keys, it is the responsibility of the client to generate a unique HMAC signature (you can also say hash), which not only contains the request data but also contains all the necessary information required by the server to process the request. The client then sends it to the server. Usually, we create the HMAC signature (hash) by combining the request data, which contains the Public APP Id, request URI, request content, HTTP method type, timestamp, and nonce, and hashing it using the Private Secret API Key (this key is not sent in the request).

Once the server receives the request, it tries to generate the hash (unique HMAC signature) by using the data received in the client request. While generating the hash, the server needs to use the same Private Secret API Key (the one used by the client) which was initially shared between the client and the server. Once the hash (unique HMAC signature) is generated by the server, it is compared with the hash received from the client. If both hashes match, the server considers the request valid and proceeds; otherwise it simply returns unauthorized.

The main uses of HMAC Authentication in Web API are as follows.

Data integrity: The data sent by the client to the server has not been tampered with.

Request origination: The request comes to the server from a trusted client.
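The sign-and-verify flow described above, as an added example in Python (not code from the original page). The page only lists which fields go into the signature, so the field layout, HMAC-SHA256, the 300-second freshness window, the in-memory nonce store and the sample key values are assumptions.

```python
import base64
import hashlib
import hmac
import time

APP_ID = "demo-app"                  # constructed sample Public APP Id
SECRET = b"constructed-demo-secret"  # constructed sample Private Secret API Key
MAX_SKEW = 300                       # seconds; assumed freshness window


def sign(app_id, secret, method, uri, body, timestamp, nonce):
    """Client side: HMAC over the request data; the secret itself is never sent."""
    body_hash = base64.b64encode(hashlib.sha256(body).digest()).decode()
    fields = [app_id, method.upper(), uri, str(timestamp), nonce, body_hash]
    # Length-prefix every field so two different requests cannot
    # concatenate to the same signed string.
    message = "".join(f"{len(f)}:{f}" for f in fields).encode()
    digest = hmac.new(secret, message, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


class Server:
    def __init__(self, keys):
        self.keys = keys     # APP Id -> secret, shared once at registration
        self.seen = set()    # (app_id, nonce) pairs already accepted

    def verify(self, app_id, method, uri, body, timestamp, nonce, signature, now=None):
        """Recompute the hash from the received data and compare it."""
        now = time.time() if now is None else now
        secret = self.keys.get(app_id)
        if secret is None:
            return False                 # unknown client
        expected = sign(app_id, secret, method, uri, body, timestamp, nonce)
        # Constant-time comparison: do not leak how much of the hash matched.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return False                 # tampered data or wrong key
        if abs(now - timestamp) > MAX_SKEW:
            return False                 # stale timestamp
        if (app_id, nonce) in self.seen:
            return False                 # nonce reuse: replayed request
        self.seen.add((app_id, nonce))
        return True                      # valid request; otherwise unauthorized


if __name__ == "__main__":
    ts = int(time.time())
    sig = sign(APP_ID, SECRET, "POST", "/api/orders", b'{"qty":1}', ts, "n-1")
    print(Server({APP_ID: SECRET}).verify(APP_ID, "POST", "/api/orders", b'{"qty":1}', ts, "n-1", sig))
```

The timestamp and nonce checks run only after the signature matches, so an unauthenticated caller cannot fill the nonce store.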