Hi @Nikita_G,

You're on the right track with using Cloud Run and Secret Manager for securing API interaction. Here's a comprehensive breakdown on how to implement signed data generation and integrate with your API endpoint:

1. Fetching Keys from Secret Manager

• Cloud Run Environment Variables: Store the Secret Manager secret names as environment variables in your Cloud Run service.
• Fetching Secrets: In your Cloud Run service’s code, use the Google Cloud client library for Secret Manager to retrieve the secrets.

2. Implementing Signed Data Generation

• Choose a Signing Algorithm: Select an appropriate cryptographic algorithm for signing the data, such as RSA.
• Create a Signing Object: Use a cryptographic library to create a signing object using the fetched private key.
• Prepare Data for Signing: Structure the registration data as a dictionary or string, ensuring it includes all required fields.
• Sign the Data: Use the signing object to generate the signature based on the data and the chosen algorithm.
• Include Signature in Request Payload: Add the generated signature as a separate field in the request payload sent to the API endpoint.

3. Verification on the API Side

• Extract Signature: The API endpoint will extract the provided signature from the request payload.
• Validate Signature: The API endpoint will use the public key to verify the signature against the provided data using the same signing algorithm and parameters.
• Handle Errors: The API should handle errors during signature verification and respond accordingly

I hope the above information is helpful.