Web Development

3458 readers

1 users here now

Welcome to the web development community! This is a place to post, discuss, get help about, etc. anything related to web development

What is web development?

Web development is the process of creating websites or web applications

Rules/Guidelines

Follow the programming.dev site rules
Keep content related to web development
If what you're posting relates to one of the related communities, crosspost it into there to help them grow
If youre posting an article older than two years put the year it was made in brackets after the title

Related Communities

Wormhole

[email protected]

Some webdev blogs

Not sure what to post in here? Want some web development related things to read?

Heres a couple blogs that have web development related content

https://frontendfoc.us/ - [RSS]
https://wesbos.com/blog
https://davidwalsh.name/ - [RSS]
https://www.nngroup.com/articles/
https://sia.codes/posts/ - [RSS]
https://www.smashingmagazine.com/ - [RSS]
https://www.bennadel.com/ - [RSS]
https://web.dev/ - [RSS]

Credits

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago

MODERATORS

snowe

erlingur

Ategon

Can RSA be used for web API authentication? (lemy.lol)

submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/webdev

5 comments fedilink hide all child comments

cross-posted from: https://lemy.lol/post/4569543

I need to

encrypt JSON payload (not just sign)

not share private key

verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] towerful 2 points 1 year ago (1 children)

So what part are you wanting to protect?
The user to your client? The client to you? Or essentially end-to-end between the user and you, but via your client?

Perhaps an alternative way?
The user sends the stock pool to the client, they give the user a transaction key. The user submits the transaction key to you, you fetch the transaction details from the client, then you process them?

I guess I'm failing to understand why the payload needs to be encrypted everything is already travelling over an encrypted medium (IE TLS/HTTPS).

[–] [email protected] 1 points 1 year ago

The client wants to encrypt the payload while sending to us. I hope they know why they want this :)