Signing API requests
An extra layer of security on top of API keys
Last updated
An extra layer of security on top of API keys
Last updated
The Finqware API v1 has two base endpoints:
- protected by TLS & API keys
- extra security: message signing & anti-tampering
In order to use the v1s
endpoints, an external API consumer is required to sign a short-lived JWT with each API call and include the JWS inside an Authorization header. The signed JWT payload will include a digest (sha256) of the request, for anti-tampering protection.