Authentication V4

There are several ways to authenticate users and servers.

jwt token, oauth, signed request

For authenticating between servers signing request with signature considered is one of the most secured one.

Both server and client have key_id and key_secret

key_id - transffered through the network

key_secret - used only as a key for hash function and not transffered

The general logic for creating a signature for request is to combine different fields of it and then hash it those several times.

Note: Important to hash also time with seconds. In that case we can guarantee that the same signature can be used for the same request only with 3 -5 second interval.


Best documentaion on that kind of signature belongs to Amazon.

https://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html