Project

rune

0.0
Repository is archived
No commit activity in last 3 years
No release in over 3 years
Signature generation library for API authentication.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Dependencies
 Project Readme

Rune

Rune was written to provide a simple authentication signature generator for APIs.

Imagine you have a super-awesome API. Each user of your API has a secret auth_token which they will use to sign requests before sending them to you. When the API receives these requests, it performs the same process on the request ata and compares the resulting signature to the signature that was given by the client. If they match—huzzah!—they have entry.

The signature is generated using the following algorithm:

  • Alphabetize all POST fields
  • Concatinate the key and value of each POST field to eachother, concatinate each field name and value to the end of the URL
  • Using the string containing the URL, query string and POST fields, sign them using HMAC-SHA1 and the auth_token as the key.

I suggest providing this signature to your API via an HTTP header like "X-YOUR_API_NAME-Signature".

Example Usage

rune = Rune.new(
  'http://localhost/people',
  'super_secret_auth_token',
  {:person => {:name  => "Name", :age => "29"}, :other => "dude"}
)

rune.generate #=> "BVuqfY28b69Bnt2Kiaj2CObOec0="