The event-chain, workflow and dispatcher service all expose REST APIs. These are available through the LTO API gateway service which acts as a proxy server.
It's recommended to use one of the LTO API client libraries if available. These libraries are configured to correctly sign requests.
All requests need to be signed following the HTTP Signatures specification using your ED25519 key set. Each request must have
Dateheader. Request with a body like
PUTrequests, must have a
(request-uri)must also be part of the signature.
KeyIdmust be the base58 encoded public ED25519 key. The
algorithmmay be either
ed25519-sha256. If you use the the SHA-256 version, the signature string needs to be hashed. The signature must be base64 encoded as required by the http signatures specifications.
The HTTP signature string is only constructed from the HTTP headers, not the body. To make sure the body hasn't been manipulated, requests are required to have a
Digestheader as described in RFC 3230. The digest needs to be a SHA-256 hash.
Note that the Digest header, is a different specification than HTTP Digest Authentication.