For a deeper look into our World Check One API, look into:

Overview |  Quickstart |  Documentation |  Downloads

question

Upvote
Accepted
401 17 18 34

How does the authentication work?

world-checkworld-check-oneauthentication
icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

1 Answer

Upvote
Accepted
526 2 2 3

Hello @Susan Genoray, the API uses a form of digital signature to handle authentication (specifically, HMAC-SHA256 wrapped in a HTTP signature within the "Authorization" header). An API client will receive a secret key from WC1, and will use this key to sign every request they send through to the API. When WC1 receives an API request, it will try to recompute the digital signature for the given user, and will only process the request if the signatures match. This signature is also used to validate that the contents of the API requests are not tampered with, in that their full contents form part of the data that is used to compute the signature.

icon clock
10 |1500

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.