guideRequest signature

# Overview

The safest solution is to only use the communication over HTTPS, but there may be cases when HTTPS communication between the system and CKEditor Cloud Services is not possible, and only HTTP communication can be used. Therefore, to secure both situations, CKEditor Cloud Services uses the HMAC algorithm to secure the connections between systems.

# Algorithm

Each request sent from or received by CKEditor Cloud Services should have the following headers:

  • X-CS-Signature
  • X-CS-Timestamp

The signature is generated using the SHA-256 algorithm using the API secret as secret and based on the following data:

  • HTTP method – GET, POST, PUT, DELETE.
  • URL – The path of the URL.
    For this is just /api/v1/docs?page=1.
  • timestamp – The same value as in the X-CS-Timestamp header.
  • body – A string from the body for POST and PUT or an empty string for other methods.

The above data should be combined into one string in the following way:

  • Convert the HTTP method name to an upper case string.
  • Add the URL (path name).
  • Add the timestamp.
  • Add the body converted to a string.

# Example

Check an example of a request signature implementation in Node.js.