How can I attach some parameters with request?

What is the purpose of cryptographically signing request parameters in HTTP APIs?

  • For example, in 1, the request parameters are assembled into a signature base string and signed with HMAC-SHA1. Doesn't the transport layer, like , take care of the authenticity?

  • Answer:

    SSL only provides a secure channel to transmit. It does not provide the authenticity of the message. Signatures prove that a particular message is authentic while also taking care of non-repudiation.

Anil Saldanha at Quora

Other answers

Only if you require that all your clients perform mutual SSL authentication (i.e. they send a client-side certificate). Without it, SSL only provides a secure channel. With the usual SSL setup (server sends a certificate, client only does verification), the client can authenticate the server, while the server has no idea which client is talking to it. So, you have to provide some way to authenticate clients: either by requiring all clients to send a certificate and go through the hassle of acquiring a certificate, and having the server need to keep a list of allowed certificates etc., or by adding an additional layer where you sign requests. OAuth goes with the latter, having requests signed instead. Of course, as a side benefit, with requests being signed this way you can still authenticate clients outside of an SSL connection (i.e. plain HTTP).

Jan Michael Ibanez

Signing parameters also provides non-repudiation. This is particularly important when dealing with transaction values. This is useful for denials later on, such as "I did not authorize $100 transfer only a $1 one".

William Emmanuel Yu
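
The kind of request signing discussed in the question and answers above, as an added example that is not part of the original posts: the client signs a base string built from the method, URL and sorted parameters with HMAC-SHA1, and the server recomputes it to authenticate the client and detect changed parameters, even over plain HTTP. The scheme is simplified (it is not the exact OAuth signature algorithm), and the client ids, secret, URL and function names are constructed for illustration.

```python
import hashlib
import hmac
from urllib.parse import quote

# Constructed per-client shared secrets (assumption: issued to clients out of band).
CLIENT_SECRETS = {"client-42": b"constructed-demo-secret"}


def _enc(value):
    """Percent-encode everything except unreserved characters."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Canonical string to sign: METHOD & URL & sorted, encoded parameters."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    query = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(url), _enc(query)])


def sign(secret, method, url, params):
    """Client side: HMAC-SHA1 over the base string, hex encoded."""
    msg = base_string(method, url, params).encode()
    return hmac.new(secret, msg, hashlib.sha1).hexdigest()


def verify(method, url, params, signature):
    """Server side: recompute with the claimed client's secret."""
    secret = CLIENT_SECRETS.get(params.get("client_id"))
    if secret is None:
        return False  # unknown client: no key to verify against
    expected = sign(secret, method, url, params)
    return hmac.compare_digest(expected, signature)  # constant-time compare


def demo():
    url = "http://api.example.test/transfer"  # plain HTTP on purpose
    params = {"client_id": "client-42", "to": "alice", "amount": "1"}
    sig = sign(CLIENT_SECRETS["client-42"], "POST", url, params)
    tampered = dict(params, amount="100")          # value changed after signing
    stranger = dict(params, client_id="client-99")  # id the server never issued
    return (verify("POST", url, params, sig),
            verify("POST", url, tampered, sig),
            verify("POST", url, stranger, sig))


if __name__ == "__main__":
    print(demo())
```

Because an HMAC key is held by both client and server, this check tells the server which client sent the request and that the parameters are unchanged; a signature that a third party can attribute to the client alone requires an asymmetric key pair instead of a shared secret.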
