aaronklaassen/notarize

Notarize

For basic JSON web services that don't want just anyone to have access. Generates signature hashes for HTTP requests.

Installation

Add this to your Gemfile:

gem 'notarize'

And run:

$ bundle

Or install it with:

$ gem install notarize

Usage

As the client

Just instantiate a Notary object with your service config and call #send_request with the path and a parameter list.

notary = Notarize::Notary.new("http://www.example.com", "public_key", "private_key")    
notary.send_request("/example/path/42/", { foo: "Foo", bar: "Bar" })

Optionally you can also pass in an alternate HTTP verb for non-GET requests. Accepted values are :get (the default), :post, :put, and :delete.

response = notary.send_request("/example/path/42/", { foo: "Foo", bar: "Bar" }, :post)

send_request returns a hash with two values: :body, with the parsed JSON response, and :code, with the HTTP status code.

As the server

Notarize provides a matching_signature? class method that takes a hash of the incoming params, and the private key of the client making the request. The result is checked against params[:signature].

before_filter :authenticate_request!
...

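def authenticate_request!
  # Look up the caller by the public key it sent. Or however your app works.
  client = ApiClient.where(public_key: params[:public_key]).first

  # client is nil for an unknown public key; treat that as a failed check
  # instead of raising NoMethodError on client.private_key.
  if client && Notarize::Notary.matching_signature?(params, client.private_key)
    # It's ok!
  else
    # Get outta town!
  end
end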

This ApiClient object is just an example; Notarize doesn't manage your list of authorized clients for you.
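
The sign-and-verify flow described above, as an added example that is not Notarize's own code. The page does not show how the gem computes its signature, so this assumes HMAC-SHA256 over sorted, form-encoded parameters; CLIENT_KEYS and every function name here are hypothetical.

```ruby
require "openssl"
require "uri"

# Constructed sample data: stands in for the app's table of authorized clients.
CLIENT_KEYS = { "pub-demo" => "priv-demo-secret" }.freeze

# Canonical form: stringify keys and values, drop the signature itself, sort,
# then form-encode so "&" or "=" inside a value cannot shift field boundaries.
# Client and server must hash exactly the same bytes.
def canonical_params(params)
  pairs = params.map { |k, v| [k.to_s, v.to_s] }
                .reject { |k, _| k == "signature" }
                .sort
  URI.encode_www_form(pairs)
end

# Assumed algorithm (not taken from the gem): HMAC-SHA256 keyed with the
# client's private key over the canonical parameter string.
def sign_params(params, private_key)
  OpenSSL::HMAC.hexdigest("SHA256", private_key, canonical_params(params))
end

# Compare every byte instead of returning at the first difference, so the
# response time does not reveal how much of a guessed signature was right.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server side: an unknown public key, a missing signature and a mismatch
# all fail the same way.
def authentic_request?(params)
  params = params.transform_keys(&:to_s)
  private_key = CLIENT_KEYS[params["public_key"].to_s]
  supplied = params["signature"].to_s
  return false if private_key.nil? || supplied.empty?
  secure_equal?(sign_params(params, private_key), supplied)
end
```

A signature over the parameters alone stays valid if the same request is captured and sent again; signing a timestamp or nonce along with them and rejecting stale values on the server closes that gap.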

Parties Responsible

Aaron Klaassen
aaron@outerspacehero.com
http://www.outerspacehero.com/
@aaronklaassen
