One easy and secure way to communicate between your web application and your RESTful backend services in a microservice-driven architecture is to use a dynamic API key generated by a time-based one-time (TOTP) algorithm instead of a constant API key or JSON token. Each time the web application sends a request to any of the RESTful backend servers, it includes a new API key generated by the Easy TOTP library. On the service side, the same Easy TOTP library generates the same API key, which is compared with the API key sent by the web application in order to authenticate the request.
- Easy to implement and use
The API keys generated by Easy TOTP are valid only for a short time span, which is given to the library at initialization as the "Time Step".
```csharp
string Key = "12345678901234567890123456789012"; // 32 chars

var totp = new Totp()
    .Secret(Key)
    .Length(8)
    .ValidFor(TimeSpan.FromSeconds(5));

var output = totp.Compute();
// output = 12345678
```
```csharp
string Key = "12345678901234567890123456789012";     // 32 chars
string _aesKey = "12345678901234567890123456789012"; // 32 chars
string _aesIv = "1234567890123456";                  // 16 chars

var totp = new Totp()
    .Secret(Key)
    .Length(8)
    .ValidFor(TimeSpan.FromSeconds(5))
    .UseDefaultEncryptor(_aesKey, _aesIv);

var output = Convert.ToBase64String(totp.ComputeEncrypted());
// output = DV/tzyq8YG+BRZGSpOVNZQ==
```
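The service-side comparison described above has an edge case with a 5-second time step: a key generated at the end of one step can arrive in the next. The following is an added example, not Easy TOTP's own code. It assumes an RFC 6238-style construction over HMAC-SHA256, since the page does not describe the library's internal algorithm, and the names `ApiKeyCheck`, `CodeForStep`, `Verify` and `window` are hypothetical.

```csharp
using System;
using System.Buffers.Binary;
using System.Security.Cryptography;
using System.Text;

// Added illustration: RFC 6238-style TOTP over HMAC-SHA256, not Easy TOTP's internals.
public static class ApiKeyCheck
{
    // Code for one time-step counter (RFC 4226 dynamic truncation).
    public static string CodeForStep(byte[] secret, long step, int digits)
    {
        byte[] counter = new byte[8];
        BinaryPrimitives.WriteInt64BigEndian(counter, step);
        using var hmac = new HMACSHA256(secret);
        byte[] mac = hmac.ComputeHash(counter);
        int offset = mac[^1] & 0x0F;
        uint bin = BinaryPrimitives.ReadUInt32BigEndian(mac.AsSpan(offset, 4)) & 0x7FFFFFFFu;
        uint mod = 1;
        for (int i = 0; i < digits; i++) mod *= 10;
        return (bin % mod).ToString().PadLeft(digits, '0');
    }

    // Service side: accept the current step and up to `window` earlier steps.
    public static bool Verify(byte[] secret, string presented, DateTimeOffset now,
                              TimeSpan timeStep, int digits, int window = 1)
    {
        long step = now.ToUnixTimeSeconds() / (long)timeStep.TotalSeconds;
        byte[] got = Encoding.ASCII.GetBytes(presented);
        bool ok = false;
        for (long s = step; s >= step - window; s--)
        {
            byte[] want = Encoding.ASCII.GetBytes(CodeForStep(secret, s, digits));
            // Constant-time compare, no early exit.
            ok |= CryptographicOperations.FixedTimeEquals(want, got);
        }
        return ok;
    }

    public static void Main()
    {
        byte[] secret = Encoding.ASCII.GetBytes("12345678901234567890123456789012"); // sample key from the page
        var timeStep = TimeSpan.FromSeconds(5);
        var sent = DateTimeOffset.FromUnixTimeSeconds(1_700_000_004); // constructed: last second of a step
        string apiKey = CodeForStep(secret, sent.ToUnixTimeSeconds() / 5, 8);
        var arrived = sent.AddSeconds(1); // request lands in the next step
        Console.WriteLine(Verify(secret, apiKey, arrived, timeStep, 8, window: 0)); // exact step only
        Console.WriteLine(Verify(secret, apiKey, arrived, timeStep, 8, window: 1)); // tolerate one step
        Console.WriteLine(Verify(secret, apiKey, sent.AddSeconds(11), timeStep, 8)); // two steps late
    }
}
```

Each extra step accepted by `window` also lengthens the time a captured key can be replayed, so keep it as small as clock skew and network latency allow.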
Happy coding :)