Authentication and Signature
This section describes how to sign requests to the HighHelp API and how to verify the signature of alerts.
Two signature algorithms are supported:
-
RSA (RSA-SHA256)— asymmetric algorithm with a pair of keys (public and private).
-
HMAC (HMAC-SHA512)— a symmetric algorithm with one secret key.
A set of keys for signing requests and a key for signing alerts are tied to the cash register.
Authentication Documentation Structure
Signing requests
-
RSA authentication and signing of requests
Description of cash register registration, RSA key generation, header formatx-access-*, signature generation algorithm and example requests. -
HMAC authentication and signing of requests
Description of registering a cash register, obtaining an HMAC key, data normalization, header formatx-access-*, signature generation algorithm and example requests.
Alert signature
-
RSA Alert Signing
An algorithm for generating and verifying an RSA signature for HTTP notifications, a format for normalized data, and examples of validation in your integration. -
HMAC Alert Signing
Algorithm for generating and verifying an HMAC signature for HTTP notifications, data normalization and examples of signature verification.