Authentication

How to authenticate yourself with CKBull Signer API
To be able to generate sign in requests and transaction requests your dApp must use the API keys provided in CKBull Developer Console after registering it.
CKBull Signer API is meant to be called from a server. Don't make calls from your dApp frontend; always use your own dApp backend.
You will need:
  • API Key.
  • API Secret.
CKBull Signer API uses the HMAC-SHA512 algorithm to validate the dApp in every call to generate sign in and transaction requests. The following HTTP headers need to be passed to authenticate the dApp:
  • x-timestamp: A timestamp generated when making the call.
  • x-api-key: The dApp API key provided in CKBull Developer Console.
  • x-signature: The signature hash obtained using the timestamp and your dApp API secret.
Here you can find the code to generate the required headers.
Javascript
Python
const crypto = require('crypto');
const apiSecret = "your-api-secret";
const timestamp = Math.floor(Date.now() / 1000);
const hmac = crypto.createHmac('sha512', apiSecret);
hmac.update(timestamp.toString());
const timestampHeader = timestamp;
const signatureHeader = hmac.digest('base64');
const apiKeyHeader = "your-api-key";
import hashlib
import os
import base64
import time
apiSecret = 'your-api-secret';
timestamp = str(int(time.time()))
hmac = hashlib.sha512(random_string.encode('utf-8'))
hmac.update(timestamp.encode('utf-8'))
hash = hmac.digest()
hash_b64 = base64.b64encode(hash).decode('utf-8')
timestamp_header = timestamp
signature_header = hash_b64
api_key_header = 'your-api-key';