GETTING STARTED
Authentication

6min
Digital Signature Authentication
The Zide client API employs digital signature authentication to ensure that the requests are genuine and have not been tampered with during transmission. Clients must use their private keys to sign the requests, the Zide api server verifies these signatures using the corresponding public keys.
Ensure your Zide private key used for signing requests is stored securely and is never shared or transmitted. The Zide client api will never ask for your private key.
Steps for clients
Steps to create the headers needed for Zide client api authentication
Create a Nonce: A nonce is a random string that should be unique for each request to prevent replay attacks.
Get the current timestamp: It helps in ensuring that the request is only valid for a specific time period to prevent replay attacks.
Create the data string: Combine the request’s URL, timestamp, and nonce to form a data string.
Sign the data string: Use your private key to sign the data string. The signing should be done using the RSA-SHA256 algorithm.
Encode the Signature: Base64 encode the signature.
Header Information
Include the following headers in the HTTP request:
X-CLIENT-ID: Your client’s ID from the Zide dashboard.
X-SIGNATURE: The base64 encoded signature.
X-TIMESTAMP: The timestamp.
X-NONCE: The nonce.
Sample Code to Create a Request
Go
Python
TypeScript
Java
package main

import (
	“crypto/rand”
	“crypto/rsa”
	“crypto/sha256”
	“crypto/x509"
	“encoding/base64”
	“fmt”
	“strconv”
	“time”
)

type ZideAuthenticationHeaders struct {
    XClientID  string `json:"X-CLIENT-ID"`
    XSignature string `json:"X-SIGNATURE"`
    XTimestamp string `json:"X-TIMESTAMP"`
    XNonce     string `json:"X-NONCE"`
}

func createAuthenticationHeaders(clientID, privateKeyPem, url string) (*ZideAuthenticationHeaders, error) {
	// Parse the private key
	block, _ := pem.Decode([]byte(privateKeyPem))
	if block == nil {
		return nil, fmt.Errorf(“failed to parse private key”)
	}	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	
	if err != nil {
		return nil, err
	}	
	
	// Create a nonce
	nonce := “unique-string”	
	
	// Get the current timestamp
	timestamp := strconv.FormatInt(time.Now().Unix(), 10)	
	
	// Create the data string to be signed
	dataToSign := url + timestamp + nonce	
	
	// Hash the data string
	hashedData := sha256.Sum256([]byte(dataToSign))	
	
	// Sign the hashed data with the private key
	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashedData[:])
	if err != nil {
		return nil, err
	}	
	
	// Base64 encode the signature
	encodedSignature := base64.StdEncoding.EncodeToString(signature)	
	
	// Create a header
	headers := &ZideAuthenticationHeaders{
        XClientID:  clientID,
        XSignature: encodedSignature,
        XTimestamp: timestamp,
        XNonce:     nonce,
    }

	return headers
}
package main

import (
	“crypto/rand”
	“crypto/rsa”
	“crypto/sha256”
	“crypto/x509"
	“encoding/base64”
	“fmt”
	“strconv”
	“time”
)

type ZideAuthenticationHeaders struct {
    XClientID  string `json:"X-CLIENT-ID"`
    XSignature string `json:"X-SIGNATURE"`
    XTimestamp string `json:"X-TIMESTAMP"`
    XNonce     string `json:"X-NONCE"`
}

func createAuthenticationHeaders(clientID, privateKeyPem, url string) (*ZideAuthenticationHeaders, error) {
	// Parse the private key
	block, _ := pem.Decode([]byte(privateKeyPem))
	if block == nil {
		return nil, fmt.Errorf(“failed to parse private key”)
	}	privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	
	if err != nil {
		return nil, err
	}	
	
	// Create a nonce
	nonce := “unique-string”	
	
	// Get the current timestamp
	timestamp := strconv.FormatInt(time.Now().Unix(), 10)	
	
	// Create the data string to be signed
	dataToSign := url + timestamp + nonce	
	
	// Hash the data string
	hashedData := sha256.Sum256([]byte(dataToSign))	
	
	// Sign the hashed data with the private key
	signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashedData[:])
	if err != nil {
		return nil, err
	}	
	
	// Base64 encode the signature
	encodedSignature := base64.StdEncoding.EncodeToString(signature)	
	
	// Create a header
	headers := &ZideAuthenticationHeaders{
        XClientID:  clientID,
        XSignature: encodedSignature,
        XTimestamp: timestamp,
        XNonce:     nonce,
    }

	return headers
}
﻿
Sample code usage example
Here is a sample code snippet that demonstrates how a client can create such a request. This is just an example, and you should adapt it according to your actual needs and environment.
Go
Python
TypeScript
Java
func makeRequest() {
	headers, err := createAuthenticationHeaders(“your-client-id”, “your-private-key-in-pem-format”, “/client/v1/transfer”)
}
func makeRequest() {
	headers, err := createAuthenticationHeaders(“your-client-id”, “your-private-key-in-pem-format”, “/client/v1/transfer”)
}
﻿
Replace “your-client-id” with the actual client ID, “your-private-key-in-pem-format” with the actual private key gotten from your Zide dashboard in PEM format, and “/client/v1/transfer” with the actual URL path the client wants to access.
﻿
Introduction
Errors