Secure your REST API with signed requests

1.0 2014-10-04 12:34 UTC


PHP library to validate and create signed requests

This is a low-level library, you might want to check


composer.phar require francodacosta/caparica


Please be sure to read the documentation and make sure you understand the client and server parts of Caparica.

The latest documentation can be found in the docs folder

Sign a request (client side)

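use Caparica\Crypto\RequestSigner;

$signer = new RequestSigner();

// shared secret known to both client and server (example value only)
$password = "12345678901234567890";

// request parameters to sign, including the request timestamp
$params = array (
    'a' => 'bcd',
    'c' => '123',
    'b' => 'ewq',
    'X-CAPARICA-TIMESTAMP' => date('U')
);

$signature = $signer->sign($params, $password);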

Validate a request (server side)

use Caparica\Crypto\RequestSigner;
use Caparica\Security\RequestValidator;
use Caparica\Client\BasicClient;

$client = new BasicClient;

$requestValidator = new RequestValidator(new RequestSigner);

// these values come from the request the client made
// use whatever methods your framework has to access http requests
$requestParams = array(
    'X-CAPARICA-DATE' => "12345676743",
    'a'               => 'bcd',
    'c'               => '123',
    'b'               => 'ewq',
);

// the signature comes from the request, we will use it to compare with the server
// generated one, if they match we know the request is valid
$requestSignature = '0c6513e432bb25d8be659a99ca240a64f60dee875e04d557341a677bfe08a1bf';

$isValid = $requestValidator->validate($client, $requestSignature, $requestParams);
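
What the server-side check amounts to, as an added example that is not Caparica's own code: a generic HMAC-SHA256 scheme where the server recomputes the signature over sorted parameters, compares in constant time, and rejects stale timestamps. The function names, the canonical form and the 300-second window are assumptions for illustration; only the X-CAPARICA-TIMESTAMP key and the sample parameters come from the snippets above.

```php
<?php
// Added illustration of a generic signed-request scheme.
// NOT Caparica's internal algorithm: canonicalize(), signParams(),
// validateRequest() and the 300-second window are assumptions.

function canonicalize(array $params): string
{
    // Sort by key so the signature does not depend on parameter order.
    ksort($params, SORT_STRING);
    return http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

function signParams(array $params, string $secret): string
{
    // Keyed hash over the canonical string; the secret never travels with the request.
    return hash_hmac('sha256', canonicalize($params), $secret);
}

function validateRequest(array $params, string $signature, string $secret, int $now, int $maxSkew = 300): bool
{
    // A signed timestamp limits replay: reject missing, malformed or stale values.
    $ts = $params['X-CAPARICA-TIMESTAMP'] ?? null;
    if ($ts === null || !ctype_digit((string) $ts) || abs($now - (int) $ts) > $maxSkew) {
        return false;
    }
    // Recompute on the server and compare in constant time (avoids a timing side channel).
    return hash_equals(signParams($params, $secret), $signature);
}

// Constructed sample data.
$secret = '12345678901234567890';
$now    = 1412426040;
$params = array(
    'a' => 'bcd',
    'c' => '123',
    'b' => 'ewq',
    'X-CAPARICA-TIMESTAMP' => (string) $now,
);
$sig = signParams($params, $secret);

// Case 1: request exactly as signed.
var_dump(validateRequest($params, $sig, $secret, $now));
// Case 2: one parameter changed after signing.
var_dump(validateRequest(array('a' => 'xyz') + $params, $sig, $secret, $now));
// Case 3: same request presented an hour later.
var_dump(validateRequest($params, $sig, $secret, $now + 3600));
```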