Finqware API
  • Quick start
  • Overview
    • Skills
    • Servicers
    • Tenants
    • Security model
      • Tenant-level elements
      • User-level elements
  • Dev guide
    • Intro
    • User onboarding
      • Detailed flow
    • Consuming data
      • About caching
    • Designing a tenant app
      • The back-end
      • The front-end
    • Signing API requests
      • RS256 infrastructure
      • Computing the digest
      • Signing HTTP requests
  • API
    • Sessions
    • Tokens
    • Accounts
    • Balances
    • Transactions
    • Payments
    • Consents
    • Catalogs
    • Errors
Powered by GitBook
On this page
  1. Dev guide

Signing API requests

An extra layer of security on top of API keys

PreviousThe front-endNextRS256 infrastructure

Last updated 3 years ago

The Finqware API v1 has two base endpoints:

  • - protected by TLS & API keys

  • - extra security: message signing & anti-tampering

In order to use the v1s endpoints, an external API consumer is required to sign a short-lived JWT with each API call and include the JWS inside an Authorization header. The signed JWT payload will include a digest (sha256) of the request, for anti-tampering protection.

https://api.finqware.com/v1
https://api.finqware.com/v1s