Digital signatures are a way of verifying the identity of the sender and the integrity of the data when using APIs. They are based on cryptographic algorithms that generate a unique and secure signature for each API call. Digital signatures can prevent unauthorized access, tampering, or replay attacks on the API. They can also provide legal evidence of the origin and content of the API request and response. There are different types of digital signature APIs available for different purposes and platforms, such as Adobe Sign API, Zoho Sign API, or XPS Digital Signature API.
At Gwocu we implemented our own digital signature to prevent unauthorized access, it is called the gwoken. If your account has the gwoken enabled you should have received a token that must be used in the calculation. You will only be able to cummunicate with our APIs if you have calculated and passed a correct signature in the body of your API call.
In the code below, we implemented the digital signature using the crypto-js module in Node.js. We first created an object with the parameters that we want to send to the API, such as clientNr, chatbotMaster. Then we calculated the signature using a custom function that takes the token and the parameters as inputs. The function performs the following steps:
// require the crypto library that contains the hash functions
const crypto = require('crypto-js');
// This is a regular body for a Query all chatbots API
var body = {
clientNr: "111111,
chatbotMaster: "chatbot1"
}
// calculate the gwoken
const gwoken = CalculateSignature(token, body) ;
// add the gwoken to the body
body.gwoken = gwoken;
// query all the bots
const res = await axios.post("https://apis.gwocu.com/api/chatbots/queryall/", body);
function CalculateSignature(token, parameters) {
// calculate the hash value of the token
// var ApiTokenHashvalue = CryptoJS.MD5(str_1 + str_2).toString();
var ApiTokenHashvalue = crypto.MD5(token).toString();
// order parameters alphabetically
var SortedParams = sortObjByReverseKey(parameters);
// Concatenate: add '&' between key and value pair and replace : for =
var MyString = '';
for (const [key, value] of Object.entries(SortedParams)) {
MyString += (`${key}=${value}&`);
}
// add hash value of token at the end of the string
MyString += ApiTokenHashvalue;
// create the verifySign
const MySignature = crypto.MD5(MyString).toString();
return MySignature;
}
// alphabetical sort helper function
function sortObjByReverseKey(obj) {
return Object.keys(obj).sort(function (a, b) {
return a.split("").reverse().join("").localeCompare(b.split("").reverse().join(""));
}).reduce(function (result, key) {
result[key] = obj[key];
return result;
}, {});
}