New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

@bitgo-beta/sdk-hmac

Package Overview
Dependencies
Maintainers
0
Versions
205
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@bitgo-beta/sdk-hmac

HMAC module for the BitGo SDK

1.0.1-beta.130
Source
npm
Version published
Maintainers
0
Created
Source

@bitgo/sdk-sdk-hmac

Isolated module for performing hash-based message authentication (HMAC) on API requests.

Installation

npm i @bitgo/sdk-hmac

import { calculateRequestHeaders, verifyResponse } from '@bitgo/sdk-hmac';

const bearerToken = 'v2x123...';
const url = '/api/v2/wallets';

const { hmac, timestamp, tokenHash } = calculateRequestHeaders({
  url,
  token: bearerToken,
  timestamp: new Date().valueOf().toString(),
  // if making a POST/PUT request with a body, pass as text
  // text: JSON.stringify(request.body)
  // optional, can pass 2 or 3 for auth-version
  // authVersion: 3
});

const response = await fetch(url, {
  method: 'GET',
  headers: {
    authorization: `Bearer ${tokenHash}`,
    hmac,
    'bitgo-auth-version': '2.0',
    'auth-timestamp': timestamp,
  },
});

const verifiedResponse = verifyResponse({
  url,
  hmac: response.headers.get('hmac'),
  statusCode: response.status,
  text: response.text,
  timestamp: response.headers.get('timestamp'),
  token: bearerToken,
  method: 'get',
});

if (!verifiedResponse.isValid) {
  throw new Error('dont trust this response, possible MITM attack');
}

FAQs

Package last updated on 17 Mar 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts