Skip to main content

Process for Signing requests with StarSign

1

Calculate hash of HTTP Request Body

The digest algoritm to use is version specific. As of version 1 it is SHA256. The hash of the body are computed and compared “as-sent” and “as-recieved” which means there are no canonicalization of the body. Encoding must be UTF-8.hash(RequestBody)\text{hash}(\text{RequestBody})
2

Build signature payload

The payload is the string to be signed. It uses URL Encoding as representation with all values percent encoded. See payload specification. Example payload:
k=key_123abc&
a=StarSignV1-HMAC-SHA256&
m=POST&
p=v1.ParamidionService%2FDescribeParameter&
q=parameterName%3Dvalue&
d=GMuuPsaA4rCsGeMa56Ew4nu4ED79jkQ9kKS8UDUHYFv1&
n=ETmr2tEpx691VS&
t=20060102T150405Z
3

Compute HMAC signature

Compute the HMAC hash of the payload using the Client Secret.signature=HMAC(secret,payload)\text{signature} = \text{HMAC}(secret, payload)
4

Format Authorization header

Format the Authorization header. Base58 encode the HMAC hash and the payload using the BTC alphabet. The HeaderKey is version specific, as of version 1 it is starsign1.HeaderKey  ’ ’ (space)  Base58(signature)  ’;’  Base58(payload)\small\text{HeaderKey} \ || \ \text{' ' (space)} \ || \ \text{Base58}(\text{signature}) \ || \ \text{';'} \ || \ \text{Base58}(\text{payload})
5

Set Authorization header to request and send it

Authorization: starsign1 3CAR2hUPT9[...];wMX3EtvWaZ[...]

Signature Payload Parameters

The signature payload is metadata that gets signed and sent with the signature hash.
k
string
required
Key ID identifies the key used to sign the request.
a
string
required
HMAC algoritm constant is version specific, as of version 1 it is StarSignV1-HMAC-SHA256.
m
string
required
Method of the request.
p
URL Path
required
URL Path of the request with any leading slash trimmed. Example v1.ParamidionService/DescribeParameter
q
URL Query
required
Query string of the request.
d
string
required
Hash digest value of the HTTP body. The digest algoritm is version specific, as of version 1 it is SHA256.
n
base58(BTC) encoded hash
required
Nonce must be at least 16 bytes and at most the same length as the client secret. Requests that reuse a previous nonce are denied.
t
string
required
Time of signing the request. Time format is ISO 8601 (20060102T150405Z).
Celestra Space offers APIs that supercharge your space software, unlocking the potential for truly captivating outcomes. Create your account today!