Ana içeriğe atla

General Information

Policy Type

policy-digital-sign-verification

UI Documentation

📖 For detailed information: [UI Documentation Link - Link will be added here]

Description

Digital Sign Verification policy verifies digital signatures using cryptographic keys or certificates. It validates signatures against source data and ensures data integrity and authenticity. This policy provides signature verification capabilities for incoming requests or responses. ⚠️ Implementation Status: This policy is currently not implemented in Management API. This policy cannot be created or managed through the Management API at this time. This documentation is provided for reference purposes and will be updated when full API support is added in a future release.

Endpoints

List Policies

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Add Policy

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Update Policy

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Delete Policy

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

List Policies

Endpoint

GET /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/

Request

Headers

HeaderValue
AuthorizationBearer {token}

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name

Response

Success Response (200 OK)

{
  "success": true,
  "resultList": [
    {
      "apiProxy": {
        "name": "MyAPI",
        "requestPolicyList": [
          {
            "type": "policy-digital-sign-verification",
            "name": "digital-sign-verification-policy",
            "description": "Verify request signatures",
            "active": true,
            "policyDigitalSignVerificationDefList": [
              {
                "id": "verify-def-1",
                "description": "Verify request body signature",
                "sourceVar": {
                  "type": "BODY",
                  "bodyJsonPath": "$"
                },
                "signatureVar": {
                  "type": "HEADER",
                  "headerName": "X-Signature"
                },
                "signatureAlgorithm": "SHA256withRSA",
                "signatureAlgorithmVar": null,
                "enumKeyCertificateType": "KEY",
                "cryptoKeyInfoId": "verification-key-id",
                "certificateId": null,
                "inputEncodingType": "BASE64"
              }
            ]
          }
        ],
        "responsePolicyList": [],
        "errorPolicyList": []
      }
    }
  ],
  "resultCount": 1
}

cURL Example

curl -X GET \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/" \
  -H "Authorization: Bearer YOUR_TOKEN"

Add Policy

Endpoint

POST /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example - Verify with Key
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-digital-sign-verification",
    "description": "Verify request signatures",
    "active": true,
    "policyDigitalSignVerificationDefList": [
      {
        "id": "verify-def-1",
        "description": "Verify request body signature",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$"
        },
        "signatureVar": {
          "type": "HEADER",
          "headerName": "X-Signature"
        },
        "signatureAlgorithm": "SHA256withRSA",
        "signatureAlgorithmVar": null,
        "enumKeyCertificateType": "KEY",
        "cryptoKeyInfoId": "verification-key-id",
        "certificateId": null,
        "inputEncodingType": "BASE64"
      }
    ]
  }
}
Full JSON Body Example - Verify with Certificate
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-digital-sign-verification",
    "description": "Verify request signatures with certificate",
    "active": true,
    "policyDigitalSignVerificationDefList": [
      {
        "id": "verify-def-1",
        "description": "Verify request body signature",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$"
        },
        "signatureVar": {
          "type": "HEADER",
          "headerName": "X-Signature"
        },
        "signatureAlgorithm": "SHA256withRSA",
        "signatureAlgorithmVar": null,
        "enumKeyCertificateType": "CERTIFICATE",
        "cryptoKeyInfoId": null,
        "certificateId": "verification-cert-id",
        "inputEncodingType": "BASE64"
      }
    ]
  }
}
Full JSON Body Example - Dynamic Algorithm from Variable
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": true,
    "deployTargetEnvironmentNameList": ["production"],
    "order": 1
  },
  "policy": {
    "type": "policy-digital-sign-verification",
    "description": "Verify with dynamic algorithm",
    "active": true,
    "policyDigitalSignVerificationDefList": [
      {
        "id": "verify-def-1",
        "description": "Verify with algorithm from variable",
        "sourceVar": {
          "type": "BODY",
          "bodyJsonPath": "$"
        },
        "signatureVar": {
          "type": "HEADER",
          "headerName": "X-Signature"
        },
        "signatureAlgorithm": null,
        "signatureAlgorithmVar": {
          "type": "HEADER",
          "headerName": "X-Signature-Algorithm"
        },
        "enumKeyCertificateType": "KEY",
        "cryptoKeyInfoId": "verification-key-id",
        "certificateId": null,
        "inputEncodingType": "BASE64"
      }
    ]
  }
}

Request Body Fields

operationMetadata
FieldTypeRequiredDefaultDescription
targetScopestringYes-Policy scope: ALL or ENDPOINT
targetEndpointstringNo*-Endpoint path (required if targetScope=ENDPOINT)
targetEndpointHTTPMethodstringNo*-HTTP method (required if targetScope=ENDPOINT)
targetPipelinestringYes-Pipeline: REQUEST, RESPONSE, or ERROR
deploybooleanNotrueWhether to deploy after adding policy
deployTargetEnvironmentNameListarrayNo[]List of environment names to deploy to
orderintegerNonullPolicy execution order (starts from 1)
Enum: targetScope
  • ALL - Policy applies to all endpoints
  • ENDPOINT - Policy applies only to specified endpoint
Enum: targetPipeline
  • REQUEST - Executes in request pipeline (verifies request signatures)
  • RESPONSE - Executes in response pipeline (verifies response signatures)
  • ERROR - Executes in error pipeline
Enum: targetEndpointHTTPMethod
  • GET, POST, PUT, DELETE, PATCH, OPTIONS, HEAD
policy
FieldTypeRequiredDefaultDescription
typestringYes-Policy type: policy-digital-sign-verification
descriptionstringNo-Policy description
activebooleanNotrueWhether policy is active
policyDigitalSignVerificationDefListarrayYes-List of verification definitions (at least one required)
Note: policyDigitalSignVerificationDefList must contain at least one verification definition.
policyDigitalSignVerificationDefList
Each verification definition is an object with the following fields:
FieldTypeRequiredDefaultDescription
idstringNo-Verification definition ID (auto-generated)
descriptionstringNo-Verification definition description
sourceVarobjectYes-Source variable containing data to verify
signatureVarobjectYes-Variable containing signature to verify
signatureAlgorithmstringNo*nullSignature algorithm (required if signatureAlgorithmVar not provided)
signatureAlgorithmVarobjectNo*nullVariable containing signature algorithm name (required if signatureAlgorithm not provided)
enumKeyCertificateTypestringNoKEYKey or certificate type: KEY or CERTIFICATE
cryptoKeyInfoIdstringNo*nullCrypto key info ID (required if enumKeyCertificateType=KEY)
certificateIdstringNo*nullCertificate ID (required if enumKeyCertificateType=CERTIFICATE)
inputEncodingTypestringNoBASE64Input encoding type: BASE64 or HEXADECIMAL

EnumSignatureAlgorithm

  • RSA algorithms: NONEwithRSA, MD2withRSA, MD5withRSA, SHA1withRSA, SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA
  • DSA algorithms: NONEwithDSA, SHA1withDSA, SHA224withDSA, SHA256withDSA
  • ECDSA algorithms: NONEwithECDSA, SHA1withECDSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA

EnumKeyCertificateType

  • KEY - Use public key from CryptoKeyInfo
  • CERTIFICATE - Use certificate (extracts public key from certificate)

EnumEncodingType

  • BASE64 - Base64 encoding (matches BASE64 output from sign policy)
  • HEXADECIMAL - Hexadecimal encoding (matches HEXADECIMAL output from sign policy)

Note

  • sourceVar and signatureVar are required.
  • Either signatureAlgorithm or signatureAlgorithmVar must be provided.
  • If enumKeyCertificateType: KEY, cryptoKeyInfoId is required.
  • If enumKeyCertificateType: CERTIFICATE, certificateId is required.
  • inputEncodingType must match the outputEncodingType used when signing.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

cURL Example

curl -X POST \
  "https://demo.apinizer.com/apiops/projects/MyProject/apiProxies/MyAPI/policies/digital-sign-verification-policy/" \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "operationMetadata": {
      "targetScope": "ALL",
      "targetPipeline": "REQUEST",
      "deploy": true,
      "deployTargetEnvironmentNameList": ["production"],
      "order": 1
    },
    "policy": {
      "type": "policy-digital-sign-verification",
      "description": "Verify request signatures",
      "active": true,
      "policyDigitalSignVerificationDefList": [
        {
          "sourceVar": {
            "type": "BODY",
            "bodyJsonPath": "$"
          },
          "signatureVar": {
            "type": "HEADER",
            "headerName": "X-Signature"
          },
          "signatureAlgorithm": "SHA256withRSA",
          "enumKeyCertificateType": "KEY",
          "cryptoKeyInfoId": "verification-key-id",
          "inputEncodingType": "BASE64"
        }
      ]
    }
  }'

Update Policy

Endpoint

PUT /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Note: Request body structure is the same as Add Policy. All fields should be provided for update.

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": [
      {
        "environmentName": "production",
        "success": true,
        "message": "Deployment successful"
      }
    ]
  }
}

Delete Policy

Endpoint

DELETE /apiops/projects/{projectName}/apiProxies/{apiProxyName}/policies/{policyName}/

Request

Headers

HeaderValue
AuthorizationBearer {token}
Content-Typeapplication/json

Path Parameters

ParameterTypeRequiredDescription
projectNamestringYesProject name
apiProxyNamestringYesAPI Proxy name
policyNamestringYesPolicy name

Request Body

Full JSON Body Example
{
  "operationMetadata": {
    "targetScope": "ALL",
    "targetPipeline": "REQUEST",
    "deploy": false
  }
}

Response

Success Response (200 OK)

{
  "success": true,
  "deploymentResult": {
    "success": true,
    "deploymentResults": []
  }
}

Notes and Warnings

  • Signature Algorithms:
    • RSA: SHA256withRSA, SHA384withRSA, SHA512withRSA (recommended)
    • ECDSA: SHA256withECDSA, SHA384withECDSA, SHA512withECDSA (for elliptic curve)
    • DSA: SHA1withDSA, SHA224withDSA, SHA256withDSA (legacy)
  • Key/Certificate Type:
    • KEY - Uses public key from CryptoKeyInfo (requires cryptoKeyInfoId)
    • CERTIFICATE - Extracts public key from certificate (requires certificateId)
  • Input Encoding:
    • BASE64 - Base64 encoding (must match sign policy output)
    • HEXADECIMAL - Hexadecimal encoding (must match sign policy output)
  • Source Variable: Variable containing data that was signed (must match original signed data)
  • Signature Variable: Variable containing signature to verify
  • Signature Algorithm:
    • Can be specified directly via signatureAlgorithm
    • Can be extracted from variable via signatureAlgorithmVar
    • Must match algorithm used for signing
  • Key Management:
    • CryptoKeyInfo or Certificate must be configured in Apinizer
    • Public key must be accessible for verification
    • Key must match signature algorithm (RSA key for RSA algorithms, ECDSA key for ECDSA algorithms)
  • Verification Failure:
    • Invalid signature causes verification to fail
    • Policy execution stops and error is returned
    • Request/response is blocked if verification fails
  • Performance: Signature verification adds cryptographic processing overhead. Use for necessary integrity/authenticity checks only.
  • Pipeline:
    • REQUEST pipeline verifies request signatures before processing
    • RESPONSE pipeline verifies response signatures before sending to client
  • Error Handling: Invalid signature, missing data, or algorithm mismatch causes verification to fail
  • Deployment: Policy changes require deployment to take effect. Set deploy: true or deploy manually.
  • ⚠️ API Status:
    • This policy is currently NOT IMPLEMENTED in Management API
    • Attempting to create or update this policy via Management API will fail
    • This documentation is provided for reference purposes only
    • Full API support will be added in a future release