francodacosta / caparica
secure your REST api with signed requests
Installs: 31 953
Dependents: 2
Suggesters: 0
Security: 0
Stars: 3
Watchers: 2
Forks: 1
Open Issues: 1
Requires
- php: >=5.3.0
Requires (Dev)
- evert/phpdoc-md: ~0.0.7
- phpdocumentor/phpdocumentor: 2.*
Suggests
- doctrine/orm: to use the DOCTRINE client provider
- symfony/yaml: to use the YAML client provider
README
Php library to validate and create signed requests
this is a low level library, you might want to check
- Caparica Bundle a symfony2 bundle
- Caparica Guzzle a Guzzle plugin to automatically sign requests for you
Installation
composer.phar require francodacosta/caparica
Documentation
Please be sure to read the documentation, make sure you understand the client and server parts of Caparica.
The latest documentation can be found on the docs folder
Sign a request (client side)
use Caparica\Crypto\RequestSigner; $signer = new RequestSigner(); $password = "12345678901234567890"; $params = array ( 'a' => 'bcd', 'c' => '123', 'b' => 'ewq', 'X-CAPARICA-TIMESTAMP' => date('U') ); $signature = $signer->sign($params, $password);
Validate a request (server side)
use Caparica\Security\RequestValidator; use Caparica\Client\BasicClient; $client = new BasicClient; $requestValidator = new RequestValidator(new RequestSigner); // this values come from the request the client made // use whatever methods your framework has to access http requests $requestParams = array( 'X-CAPARICA-DATE' => "12345676743", 'a' => 'bcd', 'c' => '123', 'b' => 'ewq', ); // the signature comes from the request, we will use it to compare with the server // generated one, if they match we know the request is valid $requestSignature = '0c6513e432bb25d8be659a99ca240a64f60dee875e04d557341a677bfe08a1bf'; $isValid = $requestValidator->validate($client, $requestSignature, $requestParams);