![Create React App Officially Deprecated Amid React 19 Compatibility Issues](https://cdn.sanity.io/images/cgdhsj6q/production/04fa08cf844d798abc0e1a6391c129363cc7e2ab-1024x1024.webp?w=400&fit=max&auto=format)
Security News
Create React App Officially Deprecated Amid React 19 Compatibility Issues
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
digital-signature-nodejs-sdk
Advanced tools
NodeJS SDK to generate and validate digital signatures
HTTP message signatures provide a mechanism for end-to-end authenticity and integrity for components of an HTTP message.
This NodeJS SDK is designed to simplify the process of generating digital signature headers and also provides a method to validate the digital signature headers.
Due to regulatory requirements emanating from SCA for our European/UK sellers, we are requiring our developers to add a digital signature for every HTTP call that is made on behalf of a EU/UK seller to certain APIs.
This SDK is generic and the signature scheme is compliant with these upcoming IETF standards (currently not yet RFCs).
This SDK is intended to generate required message signature headers, as per the above IEFT standards, and also provides a way to verfiy signature headers. There is also an example NodeJS service included with the SDK.
This SDK incorporates
signMessage
method to sign the incoming request objectvalidateSignature
method to validate the signature of the incoming request objectFor more details on Digital Signatures for eBay APIs please refer to the documentation.
Prerequisites
NodeJS: v16 or higher
NPM: v7 or higher
Using npm:
npm install digital-signature-nodejs-sdk
Using yarn:
yarn add digital-signature-nodejs-sdk
In order to run the example application (signing-only) the example-config.json needs to be updated.
{
"digestAlgorithm": "<Algorithm used for generating content digest>",
"jwe": "<JWE generated using Key Management API>",
"privateKey": "<Private key generated using Key Management API>",
"signatureComponents": "<Signature components for generating the base string>",
"signatureParams": "<List of signature params>"
}
For both signing and signature validation, use example-config-full.json.
{
"digestAlgorithm": "<Algorithm used for generating content digest>",
"jweHeaderParams": "<The JWE header params>",
"jwtExpiration": "<The JWT expiration in years>",
"jwtPayload": "<The JWT payload params>",
"masterKey": "<The symmetric key used for JWE encryption and decryption>",
"privateKey": "<Private key generated using Key Management API>",
"publicKey": "<Public key generated using Key Management API>",
"signatureComponents": "<Signature components for generating the base string>",
"signatureParams": "<List of signature params>"
}
Name | Type | Description |
---|---|---|
digestAlgorithm | string | The algorithm for generating the Content-Digest header. Supported vales are sha256 and sha512 |
jwe | string | The JWE generated using the Key Management API |
jweHeaderParams | JSON object | The JWE header params. This is required only if a JWE is not provided in the config. |
jwtExpiration | number | The JWT expiration in years. This is required only if a JWE is not provided in the config. |
jwtPayload | JSON object | The JWT payload params. This is required only if a JWE is not provided in the config. |
masterKey | string | The symmetric key. This is only needed for testing purposes. Ideally the JWE should be generated using the Key Management API |
privateKey | string | The privateKey generated using the Key Management API |
publicKey | string | The publicKey generated using the Key Management API |
signatureComponents | JSON object | The signature components that are a part of the signatureParams . These are used to generate the base string which is used to generate the signature header |
signatureParams | Array | The list of headers that indicates which headers and pseudo-headers are included, as well as the order in which they are used when calculating the signature |
Note: You can refer to example.js for an example of how to setup an express server and use the SDK.
Using npm:
npm start
Using yarn:
yarn start
For production, please host with HTTPS enabled.
Uses standard console logging.
Copyright 2022 eBay Inc. Developer: Lokesh Rishi
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
FAQs
NodeJS SDK to generate and validate digital signatures
The npm package digital-signature-nodejs-sdk receives a total of 50 weekly downloads. As such, digital-signature-nodejs-sdk popularity was classified as not popular.
We found that digital-signature-nodejs-sdk demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.
Security News
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
Security News
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.