
How Secret Key Authentication Works

CA SDM Secret Key authentication verifies both the identity of the request sender and the authenticity of the request itself.

Secret Key authentication requires that each request include information about the identity of the request sender. The request must also include additional information that CA SDM can use to verify that the request genuinely came from that user. When the request passes this verification, it is treated as authentic. During authentication of an Access Key request, CA SDM Secret Key authentication does the following:

  1. Assigns an access key to a client. The access key identifies the client responsible for a request and uses the CA SDM session ID as its value. Because the access key is sent as a request parameter, it is not secret: anyone sending a request to CA SDM could supply it, which is why a secret key is also needed.
  2. Assigns a secret key. A secret key is a 40-character alphanumeric sequence that CA SDM generates dynamically during login. The product encrypts the secret key before storing it in the database.
  3. Uses client-provided information (a request signature computed with the secret key) to identify the client and verify that the request is legitimate. The signature protects users from impersonation because it demonstrates possession of a shared secret known only to CA SDM and the sender of the request.
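The three steps above describe a shared-secret request-signing scheme: a non-secret access key names the session, a secret key known only to the two parties is issued at login, and each request carries a signature that proves possession of that secret. The following is an added example of such a scheme, not CA SDM's own code; the page does not state which signature algorithm CA SDM uses, so the HMAC-SHA256 construction, the canonical request string, the `accessKey`/`timestamp`/`signature` parameter names, the timestamp freshness window and the in-memory session store are all assumptions of this example. The server side uses a constant-time comparison so that the signature check does not leak timing information, and rejects a request whose timestamp is outside the accepted window, which limits how long a captured request remains replayable.

```python
import hashlib
import hmac
import secrets
import string
import time
from urllib.parse import urlencode

# Hypothetical server-side store mapping access key (session ID) -> secret key.
# The page says CA SDM encrypts the secret key before storing it; this offline
# example keeps it in a plain dict purely for illustration.
_SESSIONS = {}

_ALPHABET = string.ascii_letters + string.digits


def issue_secret_key(session_id):
    """Step 2: generate a 40-character alphanumeric secret key for a session.
    The session ID doubles as the (non-secret) access key, as in step 1."""
    secret = "".join(secrets.choice(_ALPHABET) for _ in range(40))
    _SESSIONS[session_id] = secret
    return secret


def canonical_string(method, path, params):
    """Serialize the request deterministically so client and server sign the
    same bytes. The signature parameter itself is excluded; all other
    parameters are sorted by name so ordering cannot affect the result."""
    items = sorted((k, v) for k, v in params.items() if k != "signature")
    return "\n".join([method.upper(), path, urlencode(items)])


def sign_request(secret, method, path, params):
    """Step 3 (client side): HMAC-SHA256 over the canonical request string,
    keyed with the secret key. Assumed algorithm, not CA SDM's documented one."""
    msg = canonical_string(method, path, params).encode("utf-8")
    return hmac.new(secret.encode("utf-8"), msg, hashlib.sha256).hexdigest()


def build_signed_request(access_key, secret, method, path, params, ts=None):
    """Client: attach the access key, a timestamp and the signature to a request."""
    signed = dict(params)
    signed["accessKey"] = access_key          # identifies the session; not secret
    signed["timestamp"] = str(int(ts if ts is not None else time.time()))
    signed["signature"] = sign_request(secret, method, path, signed)
    return signed


def verify_signed_request(method, path, params, now=None, max_skew=300):
    """Server: look up the secret for the presented access key, reject stale
    timestamps, then recompute and compare the signature in constant time.
    Returns (accepted, reason)."""
    secret = _SESSIONS.get(params.get("accessKey"))
    if secret is None:
        return False, "unknown access key"
    try:
        ts = int(params.get("timestamp", ""))
    except ValueError:
        return False, "bad timestamp"
    now = int(now if now is not None else time.time())
    if abs(now - ts) > max_skew:
        return False, "stale request"
    expected = sign_request(secret, method, path, params)
    if not hmac.compare_digest(expected, params.get("signature", "")):
        return False, "bad signature"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample: a login yields a session, the client signs one request,
    # the server accepts it, and a tampered copy is rejected.
    key = issue_secret_key("session-abc123")
    req = build_signed_request("session-abc123", key, "GET", "/rest/example",
                               {"query": "active=1"})
    print(verify_signed_request("GET", "/rest/example", req))
    tampered = dict(req, query="active=0")
    print(verify_signed_request("GET", "/rest/example", tampered))
```

Because the access key travels in the clear, the only thing that distinguishes a legitimate sender from someone who has merely observed it is the signature; that is the reason the page gives for introducing the secret key, and the `tampered` case in the demo shows that changing any signed parameter invalidates the request.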