@bitgo-beta/sdk-hmac

HMAC module for the BitGo SDK

1.0.1-beta.34
Source
npm

Version published: last month

Maintainers: 2

Created: 2 months ago

Source

@bitgo/sdk-sdk-hmac

Isolated module for performing hash-based message authentication (HMAC) on API requests.

Installation

npm i @bitgo/sdk-hmac

import { calculateRequestHeaders, verifyResponse } from '@bitgo/sdk-hmac';

const bearerToken = 'v2x123...';
const url = '/api/v2/wallets';

const { hmac, timestamp, tokenHash } = calculateRequestHeaders({
  url,
  token: bearerToken,
  timestamp: new Date().valueOf().toString(),
  // if making a POST/PUT request with a body, pass as text
  // text: JSON.stringify(request.body)
  // optional, can pass 2 or 3 for auth-version
  // authVersion: 3
});

const response = await fetch(url, {
  method: 'GET',
  headers: {
    authorization: `Bearer ${tokenHash}`,
    hmac,
    'bitgo-auth-version': '2.0',
    'auth-timestamp': timestamp,
  },
});

const verifiedResponse = verifyResponse({
  url,
  hmac: response.headers.get('hmac'),
  statusCode: response.status,
  text: response.text,
  timestamp: response.headers.get('timestamp'),
  token: bearerToken,
  method: 'get',
});

if (!verifiedResponse.isValid) {
  throw new Error('dont trust this response, possible MITM attack');
}

FAQs

What is @bitgo-beta/sdk-hmac?

Is @bitgo-beta/sdk-hmac well maintained?

Package last updated on 28 Jan 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

@bitgo-beta/sdk-hmac

@bitgo/sdk-sdk-hmac

Installation

Related posts

Michigan TypeScript Founder Successfully Runs Doom Inside TypeScript's Type System

vlt Launches "reproduce": A New Tool Challenging the Limits of Package Provenance