Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

http-signature

Package Overview
Dependencies
Maintainers
1
Versions
28
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

http-signature

Reference implementation of Joyent's HTTP Signature Scheme

  • 0.9.10
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
20M
increased by7.55%
Maintainers
1
Weekly downloads
 
Created

What is http-signature?

The http-signature npm package is used to create and verify HTTP request signatures. It is based on the Joyent HTTP Signature Scheme and allows for signing HTTP messages for authentication and message integrity. This package is commonly used in APIs and web services to ensure that HTTP requests are made by authenticated users and have not been tampered with in transit.

What are http-signature's main functionalities?

Signing HTTP Requests

This feature allows you to sign an HTTP request using a private key. The resulting signature is added to the request's headers, which can then be verified by the server to authenticate the request.

const httpSignature = require('http-signature');
const fs = require('fs');

const privateKey = fs.readFileSync('private.pem', 'ascii');

const requestOptions = {
  method: 'GET',
  path: '/foo',
  headers: {}
};

httpSignature.sign(requestOptions, {
  key: privateKey,
  keyId: 'myKeyId'
});

console.log(requestOptions.headers);

Verifying HTTP Requests

This feature allows you to verify the signature of an incoming HTTP request using a public key. If the signature is valid, it means the request was signed by the holder of the corresponding private key and has not been altered.

const httpSignature = require('http-signature');
const fs = require('fs');

const publicKey = fs.readFileSync('public.pem', 'ascii');

const request = {
  method: 'GET',
  url: '/foo',
  headers: {
    // headers should include the 'authorization' header with the signature
  }
};

const isValid = httpSignature.verifySignature(request, publicKey);

console.log(isValid);

Other packages similar to http-signature

FAQs

Package last updated on 23 Jan 2013

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc