A digital signature is a mathematical scheme for verifying the authenticity of digital messages or documents. In the context of licensing, it is obviously paramount for any client/device communicating with the SLASCONE API, to validate the data integrity of the message, i.e., that the message was not altered in transit.
SLASCONE uses the HMACSHA256 algorithm in order to simultaneously verify both the data integrity and the authenticity, of every API response. This is a symmetric key encryption, which means that the same key is used for encryption and decryption of the messages. The signature is embedded in the response header.
SIGNATURE AND RESPONSE HEADER
The response header contains the property x-slascone-signature. This signature is generated based on the content of the response body.
Once a client receives a SLASCONE API response, it needs to validate it. Validation based on the received x-slascone-signature and the shared encryption key is a straightforward process. Visit our GitHub code examples for more information.
The exchange of the shared encryption key is a one-time process, that can be performed in several, state-of-the-art ways. Contact us for more details.