Download the PHP package exewen/digital-signature-php-sdk without Composer
On this page you can find all versions of the php package exewen/digital-signature-php-sdk. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download exewen/digital-signature-php-sdk
More information about exewen/digital-signature-php-sdk
Files in exewen/digital-signature-php-sdk
Package digital-signature-php-sdk
Short Description (Custom) An SDK for using eBay's APIs that require a digital signature
License Apache-2.0
Homepage https://github.com/exewen/digital-signature-php-sdk
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package digital-signature-php-sdk
Custom Digital Signature SDK
HTTP message signatures provide a mechanism for end-to-end authenticity and integrity for components of an HTTP message.
This PHP SDK is designed to simplify the process of generating digital signature headers and also provides a method to validate the digital signature headers.
Table of contents
- Digital Signatures for Public API Calls
- Features
- Usage
- License
Digital Signatures for Public API Calls
Due to regulatory requirements emanating from SCA for our European/UK sellers, we are requiring our developers to add a digital signature for every HTTP call that is made on behalf of a EU/UK seller to certain APIs.
This SDK is generic and the signature scheme is compliant with these upcoming IETF standards (currently not yet RFCs).
Features
This SDK is intended to generate required message signature headers, as per the above IETF standards. There is also an example included with the SDK.
This SDK incorporates
- Generation of the following HTTP message signature headers:
- Content-Digest: This header includes a SHA-256 digest over the HTTP payload (as specified in draft-ietf-httpbis-digest-headers-11), if any. It is not required to be sent for APIs that do not include a request payload (e.g. GET requests).
- Signature-Input: This header indicates which headers and pseudo-headers are included, as well as the order in which they are used when calculating the signature. It is created as specified in draft-ietf-httpbis-message-signatures-16
- Signature: The value of the Signature header is created as described in Section 3.1, Creating a Signature, of IETF draft-ietf-httpbis-message-signatures-16. It uses the Private Key value generated by the Key Management API.
- x-ebay-signature-key: This header includes the JWE that is created using the Key Management API
generateSignatureHeadersmethod to generate all required headers
For more details on Digital Signatures for eBay APIs please refer to the documentation.
Usage
Prerequisites
Install
In order to use this SDK, add it to your PHP application via composer:
In your code, add this line to return all headers including signature headers:
Please also check the example
Configure
In order to run the example application the example-config.json needs to be updated.
Parameters
| Name | Type | Description |
|---|---|---|
digestAlgorithm |
string | The algorithm for generating the Content-Digest header. Supported vales are sha-256 and sha-512 |
jwe |
string | The JWE generated using the Key Management API |
privateKey |
string | The privateKey generated using the Key Management API |
privateKeyStr |
string | (alternative to privateKey) Private key generated using Key Management API, surrounded by -----BEGIN PRIVATE KEY----- and -----END PRIVATE KEY----- key headers |
signatureParams |
Array | The list of headers that indicates which headers and pseudo-headers are included, as well as the order in which they are used when calculating the signature |
Note: You can refer to example-POST.php for examples of how to use the SDK (for a GET call without request body and for a POST call with body, respectively).
Running the example
- Signing Configuration Sample: example-config.json.
License
Copyright 2023 eBay Inc. Developer: Ulrich Herberg and Arturas Sendrauskas
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
All versions of digital-signature-php-sdk with dependencies
ext-json Version *
runz0rd/mapper-php Version ^2.2
phpseclib/phpseclib Version ~3.0
ext-curl Version *