Ownera APIs are protected by an authentication mechanism that restricts access by unauthorized entities. Authorization is based on a custom authorization header that must be present in each request and is verified by the API.
The Ownera authorization header is required to communicate with the Ownera APIs. The header represents a JSON object that contains the associated organization ID, API key, nonce, timestamp and a one-time generated access token.
A one-time access token must be generated for each request to the Ownera APIs. One-time access tokens are time-bounded by the timestamp value of the authorization object and are limited to a single use: a token whose timestamp is outside the accepted time range, or that has already been used, will be rejected.
The access token is generated by concatenating the API key, a random nonce value and the current epoch timestamp in seconds. This digest is signed using the secret associated with the API key (HS256, RS256) and encoded as a hexadecimal string.
The authorization object, including the generated access token, is base64-encoded and sent to the API as a bearer authorization header.
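const crypto = require('crypto');

// $ORGANIZATION_ID, $API_KEY and $PRIVATE_KEY are placeholders for the values allocated to your deployment.
const nonce = crypto.randomBytes(16).toString('hex'); // fresh random value for every request
const timestamp = Math.floor(new Date().getTime() / 1000); // current epoch time in seconds
const rawAccessToken = `${$API_KEY}${nonce}${timestamp}`;
// RS256 variant: sign with the RSA private key and hex-encode the signature
const accessToken = crypto.createSign('SHA256').update(rawAccessToken).sign(Buffer.from($PRIVATE_KEY)).toString('hex');
const authInfo = {
  organization: $ORGANIZATION_ID,
  apiKey: $API_KEY,
  nonce,
  timestamp,
  accessToken
};
const authorizationHeader = Buffer.from(JSON.stringify(authInfo)).toString("base64");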
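The receiving side of this scheme, sketched as an added example (not Ownera's code): it decodes the header, enforces the time window, verifies the RS256 signature and rejects reused tokens. The 300-second window, the in-memory token cache, the shape of the keys map and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const MAX_SKEW_SECONDS = 300; // assumed; the page does not state the accepted range
const seenTokens = new Map(); // accessToken -> expiry (in-memory stand-in for a shared store)

// keys: Map of apiKey -> { organization, publicKey } from the server's own records (assumed shape).
function verifyAuthorizationHeader(header, keys, now = Math.floor(Date.now() / 1000)) {
  let info;
  try {
    info = JSON.parse(Buffer.from(header, 'base64').toString('utf8'));
  } catch {
    return 'malformed';
  }
  const { organization, apiKey, nonce, timestamp, accessToken } = info || {};
  if (typeof apiKey !== 'string' || typeof nonce !== 'string' || !Number.isInteger(timestamp) ||
      typeof accessToken !== 'string' || !/^([0-9a-f]{2})+$/i.test(accessToken)) {
    return 'malformed';
  }
  if (Math.abs(now - timestamp) > MAX_SKEW_SECONDS) return 'expired';
  const entry = keys.get(apiKey);
  // organization is not part of the signed string, so it must match the server's record.
  if (!entry || entry.organization !== organization) return 'unknown-key';
  const valid = crypto.createVerify('SHA256')
    .update(`${apiKey}${nonce}${timestamp}`)
    .verify(entry.publicKey, Buffer.from(accessToken, 'hex'));
  if (!valid) return 'bad-signature';
  // Track replays only after the signature checks out, so unauthenticated requests cannot fill the cache.
  for (const [token, expiry] of seenTokens) if (expiry < now) seenTokens.delete(token);
  if (seenTokens.has(accessToken)) return 'replayed';
  seenTokens.set(accessToken, timestamp + MAX_SKEW_SECONDS);
  return 'ok';
}

// Constructed sample data: throwaway key pair and a header built the way the client snippet does.
const sample = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
  publicKeyEncoding: { type: 'pkcs1', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs1', format: 'pem' },
});
const sampleKeys = new Map([['demo-api-key', { organization: 'demo-org', publicKey: sample.publicKey }]]);

function buildSampleHeader(timestamp, organization = 'demo-org') {
  const nonce = crypto.randomBytes(16).toString('hex');
  const accessToken = crypto.createSign('SHA256')
    .update(`demo-api-key${nonce}${timestamp}`).sign(sample.privateKey).toString('hex');
  const authInfo = { organization, apiKey: 'demo-api-key', nonce, timestamp, accessToken };
  return Buffer.from(JSON.stringify(authInfo)).toString('base64');
}
```

Cached tokens are dropped once their timestamp leaves the window, since the time check alone rejects them from then on.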
API Keys and Secrets
The API key, secret and organization ID are allocated as part of the deployment of Ownera's platform; an operator or admin may allocate and configure them as part of the initial setup of the environment.
Example of generating a compatible RSA key for RS256 authorization:
Generate private key:
openssl genrsa -out prv.key 4096
Generate public key from the private key:
openssl rsa -in prv.key -RSAPublicKey_out -out pub.key