Authentication
This section covers the details of authentication mechanisms required by the Algbra Labs API platform.
Mechanism
The combination of an API Token and public-private key cryptography offers significant security advantages for API authentication. Because every request is signed, a request that is intercepted and tampered with will fail signature verification: only the legitimate client holds the private key needed to produce a valid signature.
This method also gives the server a reliable means of verifying the client's identity without requiring the client to repeatedly transmit sensitive credentials, such as passwords.
Authentication Configuration
In order for us to create your authentication configuration, you need to follow the steps below:
Create CSR
You need to generate a public-private key pair securely and create a Certificate Signing Request (CSR) that contains the 4096-bit RSA public key.
You have to use a FIPS 140-2 Level 2 compliant physical or virtual HSM to store your private key securely. As part of the onboarding process, you will be required to demonstrate, and share evidence of, your use of the expected secure key store.
For sandbox testing, you can use alternative tools (such as OpenSSL) to generate your key pairs.
Exchanging API Token
As the last stage of your Authentication configuration, you'll receive an encrypted binary file containing your API Token. You need to use your private key to decrypt the file and extract the API token.
As noted in step 1 above, you must use the HSM's capabilities to decrypt and extract the API token, and you must store the token securely as well. Treat the token (API key) as a secret, just as you treat the private key. Depending on your infrastructure, suitable secure storage can be AWS KMS or an equivalent service.
For sandbox testing, you can use the command below to decrypt the binary file and extract your API key.
Now you have everything you need for your Authentication Configuration. Please see the Payload Signing section for the next steps.
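The two sandbox steps above (generate the 4096-bit RSA key pair and CSR with OpenSSL, then decrypt the token file with the private key) as an added, runnable example written for this page; it is not Algbra Labs' own tooling or the command referred to above. It assumes openssl is on the PATH, uses a placeholder CSR subject, and assumes the token file is RSA-OAEP (SHA-256) encrypted to the CSR's public key; the page does not state the actual encryption scheme, so confirm it with the platform, and the encrypted fixture is constructed locally only so the decryption step can run offline.

```shell
#!/bin/sh
# Added sandbox example, not Algbra Labs' tooling. Assumes openssl is installed.
# The encryption scheme (RSA-OAEP/SHA-256) is an assumption made for this example.
set -e

WORK="${WORK:-$(mktemp -d)}"

# Step 1: generate a 4096-bit RSA private key (sandbox only; production keys
# live in a FIPS 140-2 Level 2 HSM) and a CSR carrying its public key.
make_key_and_csr() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 \
    -out "$WORK/client.key" 2>/dev/null
  chmod 600 "$WORK/client.key"
  # Placeholder subject; the real subject is agreed during onboarding.
  openssl req -new -key "$WORK/client.key" \
    -subj "/CN=sandbox-client.example/O=Example Org" \
    -out "$WORK/client.csr"
}

# Check the CSR really carries a 4096-bit RSA key before submitting it.
csr_key_bits() {
  openssl req -in "$WORK/client.csr" -noout -pubkey \
    | openssl pkey -pubin -noout -text \
    | sed -n 's/^.*Public-Key: (\([0-9]*\) bit).*$/\1/p'
}

# Local stand-in for the platform: encrypt a constructed token to the CSR's
# public key. In reality the platform delivers this encrypted file to you.
encrypt_token_fixture() {
  printf '%s' "$1" > "$WORK/token.txt"
  openssl req -in "$WORK/client.csr" -noout -pubkey > "$WORK/client.pub"
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/client.pub" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$WORK/token.txt" -out "$WORK/token.bin"
  rm -f "$WORK/token.txt"
}

# Step 2: decrypt the binary token file with the private key and print the token.
decrypt_token() {
  openssl pkeyutl -decrypt -inkey "$WORK/client.key" \
    -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 \
    -in "$WORK/token.bin"
}
```

In production the private key never leaves the HSM, so the decrypt step is performed through the HSM's own API rather than with openssl against a key file on disk.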