How to create an API key and how to sign your API requests
This topic describes the steps to create a signed request. This means that you must generate a key pair that is used to verify your signature.
Summary of steps
To create a signed request, you must complete the following steps.
- Configure an API key in nOps through the nOps app.
- Create a public/private key pair. Configure nOps with the public key to validate the signature.
- Compose your request.
Create a public/private key pair.
Create a Signature Verification Key pair
Begin by opening a command window.
Generate a PEM Certificate using the following command:
$ openssl genpkey -out rsakey.pem -algorithm RSA -pkeyopt rsa_keygen_bits:1024
Extract a public key from the PEM certificate by using the following command.
$ openssl rsa -in rsakey.pem -pubout > key.pub
Copy this information into your clipboard.
- Log into the nOps console and from the Organization Settings pane click the API Key option
Click on Let’s Generate Your API Key
- Paste your RSA key into the nOps API Key Signature Verification field.
Click Save. You will see a confirmation dialog that contains your newly generated key.
**You now have a fully configured API Client and can use this key when you send a request to nOps.
Compose your request
Once you have the key, you can compose a signature string and sign it and send your request.
Signing your Request
The format for the signature is:
The information for the signature request contains the following:
- client_id: The Client ID is contained in the first part of API_Key that is returned.
In this example key: api_key=123.aaaa4432454ccccb5a2280e755fdzzzz
the api_key is 123
- date_str: Use the yyyy-MM-dd format, such as 2022-11-07
- url: Use a request url that does not include the domain name. Ensure that the url contains a trailing slash (/) or the signature will not be verified, and your request will fail. The signature must match exactly before it can be verified.
- API key: Use the format ?api_key=xxx
The example signature shown above can only be used:
on the date: 2022-01-10
for the API URL of: /nops_api/v1/billingGetTotal/
for the client (123) indicated within the api_key request:
The signature must match exactly for the signature to be verified.
To sign and encode your signature string using your private key.
Following is an example of how to create a key pair using Python instead of the prior instructions to create a key pair. However, in order to use the Python script you may first need to install pycryptodomex by using this command:
pip install pycryptodomex
import binascii from Cryptodome.Hash import SHA256 from Cryptodome.PublicKey import RSA from Cryptodome.Signature import pkcs1_15 key = RSA.generate(1024) encrypt_key = key.export_key(pkcs=8) public_key = key.publickey().export_key().decode() message = "123.2022-01-10./nops_api/v1/billingGetTotal/?api_key=123.aaaa4432454ccccb5a2280e755fdzzzz" encoded_string = message.encode() byte_array= bytearray(encoded_string) sha_bytes = SHA256.new(byte_array) signature = pkcs1_15.new(encrypt_key).sign(sha_bytes) signature = binascii.b2a_base64(signature)[:-1].decode("utf-8")
To send an API request
Include the encoded signature in the
API requests should use the following format.
<enter_REST-URI> is the location of the endpoint for example: /c/admin/projectaws/
<Client_key> is the API key you generated within nOps in the Create a public/private key pair procedure earlier in this document.
|The Scheduler Slackbot "How To" Guide|
|The nOps Scheduler API Guide|