Keys Exchange
1. Signed Request
All requests to our APIs must use HTTPS with TLS 1.2 or 1.3 and contain two headers:
- API-CLIENT-KEY: A key provided by our Integration team that identifies a specific integration;
- AUTHORIZATION: A signature of the request, generated as explained in this manual.
As standard, QI DTVM uses asymmetric keys: a pair of two different keys, a private key used for signing and a public key used for reading (verifying) the signature. The integrating partner must perform the signature with the private key, using the JWT standard. The integrating partner is responsible for generating the key pair and providing the public key to the QI DTVM team so that we can validate their requests.
The private key is for exclusive use by the integrating partner, and must be stored securely. QI DTVM will never ask, under any circumstances, for you to share it with us.
2. Generating the pair
To generate a private key on a UNIX computer:
$ ssh-keygen -t ecdsa -b 521 -m PEM -f private.key
Then generate your public key from this private key:
$ openssl ec -in private.key -pubout -outform PEM -out public.key.pub
Send the generated public key (public.key.pub file) to the QI Tech team, then wait for the integration to be configured.
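Before sending the file, the pair produced by the two commands above can be checked locally. The script below is an added example, not QI DTVM code; the function name check_keypair and its checks are assumptions chosen for illustration, and it assumes the private key has no passphrase.

```shell
#!/bin/sh
# Added example, not QI DTVM code. Usage: check_keypair private.key public.key.pub
# Returns 0 only if every check passes. Assumes an unencrypted private key
# (openssl prompts for the passphrase otherwise).
fail() { echo "FAIL: $1" >&2; return 1; }

check_keypair() {
    priv=$1
    pub=$2

    # 1. The file to be sent must hold a public key and nothing else.
    if grep -q 'PRIVATE KEY' "$pub"; then
        fail "$pub contains private key material"; return 1
    fi
    grep -q 'BEGIN PUBLIC KEY' "$pub" || { fail "$pub is not a PEM public key"; return 1; }

    # 2. It must be on the 521-bit curve requested with "-b 521" (secp521r1).
    openssl pkey -pubin -in "$pub" -noout -text 2>/dev/null | grep -q 'secp521r1' ||
        { fail "$pub is not a P-521 key"; return 1; }

    # 3. The private key file must not be readable by group or others.
    mode=$(ls -ldL "$priv" | cut -c5-10)
    [ "$mode" = "------" ] || { fail "$priv permissions too open"; return 1; }

    # 4. The public key must be the one derived from this private key.
    derived=$(openssl pkey -in "$priv" -pubout 2>/dev/null)
    sent=$(openssl pkey -pubin -in "$pub" -pubout 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$sent" ] ||
        { fail "$pub does not match $priv"; return 1; }

    # 5. Round trip: sign constructed data (ECDSA, SHA-512), verify with the public key.
    tmp=$(mktemp -d) || return 1
    printf 'constructed test message' > "$tmp/msg"
    openssl dgst -sha512 -sign "$priv" -out "$tmp/sig" "$tmp/msg" 2>/dev/null &&
        openssl dgst -sha512 -verify "$pub" -signature "$tmp/sig" "$tmp/msg" >/dev/null 2>&1
    rc=$?
    rm -rf "$tmp"
    [ "$rc" -eq 0 ] || { fail "sign/verify round trip failed"; return 1; }
    echo "OK: $pub is a P-521 public key matching $priv"
}
```

Source the script and run check_keypair private.key public.key.pub; any FAIL line means the file should not be sent as it is.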