Keypair Authentication
Engine supports keypair authentication allowing your app to generate short-lived access tokens.
Advanced feature
Keypair authentication is an advanced feature and must be explicitly enabled.
Contact us to enable this on your Cloud-hosted Engine instance.
Don't need short-lived access tokens? Use Access Tokens, which are valid until deleted.
- You don't want an access token to be reused for a long duration if shared or compromised.
- You want to restrict what each access token can do (e.g. specific calls).
Generate a cryptographic keypair in your terminal with openssl.
These commands generate a private and public key with the ES256 algorithm.
- Navigate to the Engine dashboard and select your engine.
- Select Access Tokens.
- Select Keypair Authentication.
- Note: If this option is unavailable, your Engine instance may not be configured to support keypairs.
- Select Add Public Key.
- Add your public key, including the ----- boundary lines.
This step must be done for each request.
Provide the access token in the Authorization header.
To ensure this access token can only execute a specific payload, provide a SHA256 hash of the payload body as the bodyHash argument of the signed object.
Example: This access token is restricted to transfer 0.1 MATIC on Polygon to 0xE68FFAE106cc68A0e36Ba9Fd86f27337E3a71da6.
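How a bodyHash restriction ties a token to one payload, shown from both the signing and the checking side. This is an added example, not Engine's code or code from the original page, and it uses Node's built-in crypto module instead of jsonwebtoken so it runs offline. The hex digest encoding, the iat and exp claims, the request body fields and the function names are assumptions; Engine may require other claims that this page does not show.

```javascript
const crypto = require("node:crypto");

const b64url = (text) => Buffer.from(text).toString("base64url");
const sha256Hex = (text) => crypto.createHash("sha256").update(text).digest("hex");

// Client: sign a short-lived ES256 JWT bound to one exact request body.
// Claim names other than bodyHash, and the hex encoding, are assumptions.
function signBoundToken(privateKey, rawBody, ttlSeconds, now = Math.floor(Date.now() / 1000)) {
  const header = b64url(JSON.stringify({ alg: "ES256", typ: "JWT" }));
  const claims = b64url(JSON.stringify({ iat: now, exp: now + ttlSeconds, bodyHash: sha256Hex(rawBody) }));
  // JWS ES256 signatures are raw r||s (IEEE P1363), not DER.
  const sig = crypto.sign("sha256", Buffer.from(`${header}.${claims}`), { key: privateKey, dsaEncoding: "ieee-p1363" });
  return `${header}.${claims}.${sig.toString("base64url")}`;
}

// Server: returns "ok" or the reason the request is rejected.
function checkBoundToken(token, publicKey, rawBody, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) return "malformed";
  const [h, c, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(h, "base64url").toString());
    claims = JSON.parse(Buffer.from(c, "base64url").toString());
  } catch {
    return "malformed";
  }
  // Pin the algorithm; never let the token header choose it.
  if (header?.alg !== "ES256") return "bad-alg";
  const sigOk = crypto.verify("sha256", Buffer.from(`${h}.${c}`),
    { key: publicKey, dsaEncoding: "ieee-p1363" }, Buffer.from(s, "base64url"));
  if (!sigOk) return "bad-signature";
  if (typeof claims?.exp !== "number" || now >= claims.exp) return "expired";
  if (claims.bodyHash !== undefined) {
    // Hash the raw bytes received, not a re-serialized object.
    const want = Buffer.from(String(claims.bodyHash));
    const got = Buffer.from(sha256Hex(rawBody));
    if (want.length !== got.length || !crypto.timingSafeEqual(want, got)) return "body-mismatch";
  }
  return "ok";
}

// Constructed sample data: a throwaway keypair and a made-up request body.
const { privateKey, publicKey } = crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
const body = JSON.stringify({ to: "0xE68FFAE106cc68A0e36Ba9Fd86f27337E3a71da6", amount: "0.1" });
const token = signBoundToken(privateKey, body, 15);
console.log(checkBoundToken(token, publicKey, body));
console.log(checkBoundToken(token, publicKey, body.replace("0.1", "100")));
```

The hash covers the exact body string, so the client must send the same bytes it hashed; re-serializing the JSON with different key order or whitespace produces a mismatch.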
Set the environment variable ENABLE_KEYPAIR_AUTH="true" and restart your Engine.
The following algorithms can be used.
Refer to the OpenSSL documentation on generating keypairs for different algorithms.
Remember to change algorithm in the jsonwebtoken.sign() call in Step 3 (Sign a JWT with your private key).