search

eBay / digital-signature-verification-ebay-api

Verification of digital signatures for use by developers sending HTTP requests to eBay's APIs
Apache License 2.0
8 stars 7 forks source link

where is the api to get x-ebay-signature-key #2

Closed ex-melody closed 2 years ago

ex-melody commented 2 years ago

https://developer.ebay.com/develop/guides/digital-signatures-for-apis
Developers will be issued a private key, as well as a public key in the form of a JWE. The keys can be downloaded through an eBay public API. In the meantime, we have provided test keys below. what is this public api. where is an eBay public API to downloaded the keys.

and how to build a signature_base? is this signatureBase ok? "content-digest": sha256=:qHHEen9IoSs4qZTkipZZ+rXWN289vON1Wby2F+/oZi0=: "x-ebay-signature-key": testPublicKey "@method": POST "@path": /verifysignature "@authority": 127.0.0.1 "@signature-params": ("content-digest" "x-ebay-signature-key" "@method" "@path" "@authority");created=1660611465471;alg="rsa-v1_5-sha256"

uherberg commented 2 years ago

@ex-melody The API isn't available yet, but will be on October 1. We will send out an announcement once it is available. You can test your code in the meantime using the test keys that we provide and using the code I implemented. You can read in the IETF draft how to build the signature base: https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures#section-2.4 Let me know if that answers your question