About Django Request Signer

About

Django Request Signer provides both a client and a server component to assist in verifying that both the sending and receiving ends of a web service call can trust one another. This trust is established by allowing clients to register with the server and receive a unique public client id and a private key.

How it Works

  1. A client will have an id and a private key, both issued by the server.

  2. The server will store all client ids and their corresponding private keys.

  3. When a client needs to request something from the server, the following will happen:
    1. The request URL, querystring, post data, and client id will be combined with the private key to create a unique signature.
    2. The URL, post data (if any exists), querystring, plus the client id and signature will be passed to the server in an HTTP request.
    3. The server will receive the request, and use the client id to look up the corresponding private key.
    4. The server will then use the request (minus the signature) along with the private key to try to recreate the exact same signature as the one passed from the client.
    5. If the server is able to calculate the same signature that was provided by the client, the server knows it can trust the request; if not, the server will respond with a Bad Request (400).
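The flow in step 3, written out as an added example; it is not django-request-signer's own code. The page does not name the signature algorithm or wire format, so HMAC-SHA256, the length-prefixed serialization, the `client_id` and `signature` parameter names, and all function names here are assumptions.

```python
import base64
import hashlib
import hmac
from urllib.parse import urlencode

# Constructed sample registry (step 2): client id -> private key.
CLIENT_KEYS = {"client-123": b"constructed-demo-key-not-a-real-secret"}


def _canonical(path, query, post, client_id):
    """Serialize the signed fields unambiguously: sorted parameters, and a
    length prefix per field so data cannot shift between fields unnoticed."""
    parts = [path, urlencode(sorted(query.items())),
             urlencode(sorted(post.items())), client_id]
    return b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)


def sign(path, query, post, client_id, private_key):
    """Step 3.1: combine URL, querystring, post data and client id with the key."""
    mac = hmac.new(private_key, _canonical(path, query, post, client_id), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode()


def build_request(path, query, post, client_id, private_key):
    """Step 3.2: attach the client id and the signature to the outgoing request."""
    query = dict(query, client_id=client_id)
    query["signature"] = sign(path, query, post, client_id, private_key)
    return path, query, post


def verify(path, query, post):
    """Steps 3.3-3.5: return the HTTP status the server would answer with."""
    query = dict(query)
    signature = query.pop("signature", None)  # the request "minus the signature"
    client_id = query.get("client_id")
    key = CLIENT_KEYS.get(client_id)          # step 3.3: look up the private key
    if signature is None or key is None:
        return 400
    expected = sign(path, query, post, client_id, key)  # step 3.4: recreate it
    # Constant-time comparison: do not leak how much of the signature matched.
    ok = hmac.compare_digest(expected.encode(), signature.encode())
    return 200 if ok else 400                 # step 3.5: trust, or Bad Request


if __name__ == "__main__":
    req = build_request("/api/orders/", {"page": "2"}, {"item": "42"},
                        "client-123", CLIENT_KEYS["client-123"])
    print(verify(*req))
```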
