You are currently viewing Zend Server 5.x documentation. Click here to view the latest Zend Server online documentation.
You are here: Web API Reference Guide > Authentication and Message Verification

Authentication and Message Verification

API request authentication is done by creating a digital signature of some request parameters using an account-specific secret key. This signature, as well as the key name is then sent in the custom X-Zend-Signature HTTP header.

The server will compare this signature with the expected signature (calculated based on the same key and parameters as known to the server) and will only authorize the request if the signatures match.

Note:

This authentication and validation method does not contradict the use of HTTPS to encrypt the communication channel, which is recommended but not required.

This section includes the information on the following:

 

© 1999-2013 Zend Technologies, Ltd. All rights reserved.