francodacosta/caparica

secure your REST api with signed requests

Maintainers

Details

github.com/francodacosta/caparica

Homepage

Source

Issues

Installs: 31 953

Dependents: 2

Suggesters: 0

Security: 0

Stars: 3

Watchers: 2

Forks: 1

Open Issues: 1

1.0 2014-10-04 12:34 UTC

Requires

  • php: >=5.3.0

Requires (Dev)

Suggests

MIT 1bada802f31eb98f11c82ed110c7ca80ecd7906b

restapisecurehmac

This package is not auto-updated.

Last update: 2024-11-05 02:21:05 UTC

README

Php library to validate and create signed requests

this is a low level library, you might want to check

Installation

composer.phar require francodacosta/caparica

Documentation

Please be sure to read the documentation, make sure you understand the client and server parts of Caparica.

The latest documentation can be found on the docs folder

Sign a request (client side)

use Caparica\Crypto\RequestSigner;

$signer = new RequestSigner();
$password = "12345678901234567890";
$params = array (
    'a' => 'bcd',
    'c' => '123',
    'b' => 'ewq',
    'X-CAPARICA-TIMESTAMP' => date('U')
);

$signature = $signer->sign($params, $password);

Validate a request (server side)

use Caparica\Security\RequestValidator;
use Caparica\Client\BasicClient;

$client = new BasicClient;

$requestValidator = new RequestValidator(new RequestSigner);

// this values come from the request the client made
// use whatever methods your framework has to access http requests
$requestParams = array(
   'X-CAPARICA-DATE' => "12345676743",
    'a'               => 'bcd',
    'c'               => '123',
    'b'               => 'ewq',
);

// the signature comes from the request, we will use it to compare with the server
// generated one, if they match we know the request is valid
$requestSignature = '0c6513e432bb25d8be659a99ca240a64f60dee875e04d557341a677bfe08a1bf';


$isValid = $requestValidator->validate($client, $requestSignature, $requestParams);