Skip to content

This repository contains the code for getting authorisaton header of ONDC API from it's json data

Notifications You must be signed in to change notification settings

ishqDehlvi/ONDC-header-auth

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Signing & Verification of requests & responses Key pairs, for signing & encryption, can be generated using libsodium. Creating key pairs Create key pairs, for signing (ed25519) & encryption (X25519); Update base64 encoded public keys in registry; Utility to generate signing key pairs and test signing & verification is here; Auth Header Signing Generate UTF-8 byte array from json payload; Generate Blake2b hash from UTF-8 byte array; Create base64 encoding of Blake2b hash, this becomes the digest for signing; Sign the request, using your private signing key, and add the signature to the request authorization header, following steps documented here; Auth Header Verification Extract the digest from the encoded signature in the request; Get the signing_public_key from registry using lookup (by using the ukId in the authorization header); Create (UTF-8) byte array from the raw payload and generate Blake2b hash; Compare generated Blake2b hash with the decoded digest from the signature in the request; In case of failure to verify, HTTP error 401 should be thrown;

About

This repository contains the code for getting authorisaton header of ONDC API from it's json data

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages