Secure your mock APIs

Secure your APIs against unauthorized use.

Now that Mocklets APIs are being used in production environment to manage Application Configuration and experiment with new features, there is a need to secure the APIs against unauthorized use.

Collections have a Private key associated to them. You will find it in Auth Credentials in Collection Settings dialog.

To set an API as secured, just select the option Mark API as Secure in API settings.

That's it, your API is now secure! Now all the unauthorized requests to the above API will start failing.

Making Authorized requests

Once your API is set as secured, you cannot connect to it through unauthorized requests. In order to make an authorized request, you need to provide Auth headers with your requests.

X-Mocklets-PublicKey : PUBLIC_KEY
X-Mocklets-Checksum : b2b449452e99c7804585021971fb7a84

X-Mocklets-PublicKey Public key is a string value used by client system to create the checksum. Public key is created by the client.

X-Mocklets-Checksum To generate checksum, you have to create MD5 hash string for Public key (provided in X-Mocklets-PublicKey header) and Private key (from Mocklets collection settings) pair.

checksum = MD5_HASH(PUBLIC_KEY : PRIVATE_KEY)

Please refer the following code snippets to generate MD5 Hash.

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
.
.
String plainText = PUBLIC_KEY + ":" + PRIVATE_KEY;

MessageDigest md = MessageDigest.getInstance("MD5");
byte[] hashInBytes = md.digest(password.getBytes(StandardCharsets.UTF_8));

StringBuilder builder = new StringBuilder();
for (byte bt : hashInBytes) {
    builder.append(String.format("%02x", bt));
}

String checksum = builder.toString();

You can also use online MD5 hash generator tools to create checksum value. One such tools is https://www.md5online.org.

Last updated