Adding a signature to the end of every endpoint


#1

Hi guys,

My api works by making a custom signature that auths the user. This signature is added at the end of every endpoint.
I was wondering if it’s possible to define the signature somewhere and have it automatically added to the end of each endpoint without having to manually add /{signature}: to each endpoint.

E.g.:

Simplified version of the Raml

baseUri: https://api.example.com
mediaType: application/json

/version:
  get:
    is: [secured]
    description: Retrieves the API version.
    responses:
      200:
        body:
          application/json:
            example: !include Examples/getVersion200Response.sample

/traffic/{customer_number}:
  uriParameters:
    customer_number:
      type: integer
      description: The customer number.
  get:
    is: [secured]
    description: Retrieves the average traffic for the past 5 minutes in Mb/s.
    responses:
      200:
        body:
          application/json:
            example: !include Examples/getTraffic200Response.sample
      400:
        body:
          application/json:
            example: !include Examples/getTraffic400Response.sample

What i would like to do is something like

baseUri: api.example.com/*/{signature} 
  baseUriParameters:
    signature:
      description: sha1('mySecretKey'+ timestamp + URI)

Where the * wildcard are all the endpoints i have defined. This way if the signature ever changes i just have to modify it in the baseUriParameters.
Can anyone tell me what the correct way to define this is?


#2

I am not sure if that is possible. Why not having the signature before each concrete resource? api.example.com/{signature}/*


#3

I am currently working on creating the RAML (which will be used to generate documentation) for an existing API.
This API is currently in use by a few thousand users. So unfortunately changing it to: api.example.com/{signature}/* is not possible. I am really looking for a solution that will fit the current API structure.


#4

Perhaps defining it as a query parameter? But if a few thousand are already using it, and you can’t version the API to add new features and then fix the API, I think you may be out of luck with this in RAML. Sounds like even a query API would require you to modify the API the end users use. Seems like something is funky with the actual API design.