The safest solution is to only use the communication over HTTPS, but there may be cases when HTTPS communication between the system and CKEditor Cloud Services is not possible, and only HTTP communication can be used. Therefore, to secure both situations, CKEditor Cloud Services uses the HMAC algorithm to secure the connections between systems.
Each request sent from or received by CKEditor Cloud Services should have the following headers:
The signature is generated using the SHA-256 algorithm using the API secret as secret and based on the following data:
- HTTP method –
- URL – The path of the URL.
https://docs.cke-cs.com/api/v1/docs?page=1this is just
- timestamp – The same value as in the
- body – A string from the body for
PUTor an empty string for other methods.
The above data should be combined into one string in the following way:
- Convert the HTTP method name to an upper case string.
- Add the URL (path name).
- Add the timestamp.
- Add the body converted to a string.
Check an example of a request signature implementation in Node.js.