Looking for sample API Proxy for Hawk authentication, Any help is appreciated.
PS: Posted on behalf of @Sarvana kumar rajagopal
I haven't used HAWK but here is a Github repo that does Http Signature and, separately, HMAC.
I have used the Http Signature along with a simple SHA256 Digest of the payload. The way it works:
Computing and verifying the digest (unkeyed MAC, aka Hash) on the server is handled by a separate callout. Putting it all together, the flow looks like this:
<PreFlow> <Request> <Step> <Name>RF-MissingAuthzHeader</Name> <Condition>request.header.authorization = null</Condition> </Step> <Step> <Name>Java-ParseHttpSignature</Name> </Step> <Step> <Name>VerifyApiKey-1</Name> </Step> <Step> <Name>Java-VerifyHttpSignature</Name> </Step> <Step> <Name>Extract-Digest-SHA256</Name> </Step> <Step> <Name>Java-VerifyHash-SHA256</Name> </Step> <Step> <Name>AM-InjectRequestHeaders</Name> </Step> </Request> </PreFlow>