Request signature
# Request signature overview
The safest solution is to only use communication over HTTPS, but there may be cases when HTTPS communication between the system and CKEditor Cloud Services is not possible, and only HTTP communication can be used. Therefore, to secure both situations, CKEditor Cloud Services uses the HMAC algorithm to secure the connections between systems.
# Algorithm
Each request sent from or received by CKEditor Cloud Services should have the following headers:
X-CS-TimestampX-CS-Signature
The X-CS-Timestamp value should be the number of milliseconds elapsed since January 1, 1970 00:00:00 UTC, for example, returned by Date.now() in node/JavaScript.
The signature is generated using the SHA-256 algorithm using one of API secrets as a secret and based on the following data:
- HTTP method –
GET,POST,PUT,DELETE. - URL – The path of the URL.
Forhttps://docs.cke-cs.com/api/v5/docs?page=1this is just/api/v5/docs?page=1. - timestamp – The same value as in the
X-CS-Timestampheader. - body – A string from the body for
POSTandPUTor an empty string for other methods.
For generating Webhooks request signature you will need to use the API secret which is selected as “Use with Webhooks”.
If there is no API secret selected, then API secret from the “API configuration” tab will be used.
The above data should be combined into one string in the following way:
- Convert the HTTP method name to an upper case string.
- Add the URL (path name).
- Add the timestamp.
- Add the body converted to a string.
# Examples
Check an example of a request signature implementation in Node.js.
Check an example of a request signature implementation in ASP.NET.
Check an example of a request signature implementation in Java.
Check an example of a request signature implementation in PHP.
Check an example of a request signature implementation in Python 3.