Lib.rs

Cryptography
#truelayer

truelayer-signing

Produce & verify TrueLayer API requests signatures

by Alex Butler, Alessandro Zanin, tl-rodrigo-gryzinski, Conrad Ludgate, Alessandro Bracco, Alex Butler, tl-marco-tormento, tl-flavio-barinas, Matt Davis and 11 contributors. Co-owned by tl-helge-hoff.

7 releases

0.1.6 Dec 20, 2022
0.1.5 Aug 15, 2022
0.1.4 Jul 18, 2022
0.1.3 Feb 16, 2022
0.1.0 Oct 14, 2021

#142 in Cryptography

Download history 723/week @ 2022-12-01 564/week @ 2022-12-08 306/week @ 2022-12-15 134/week @ 2022-12-22 245/week @ 2022-12-29 465/week @ 2023-01-05 627/week @ 2023-01-12 656/week @ 2023-01-19 1002/week @ 2023-01-26 736/week @ 2023-02-02 857/week @ 2023-02-09 528/week @ 2023-02-16 652/week @ 2023-02-23 344/week @ 2023-03-02 456/week @ 2023-03-09 755/week @ 2023-03-16

2,380 downloads per month

MIT/Apache

29KB
525 lines

truelayer-signing

Rust crate to produce & verify TrueLayer API requests signatures.

Crates.io Docs.rs

// `Tl-Signature` value to send with the request.
let tl_signature = truelayer_signing::sign_with_pem(kid, private_key)
    .method("POST")
    .path("/payouts")
    .header("Idempotency-Key", idempotency_key)
    .body(body)
    .sign()?;

See full example.

Prerequisites

  • OpenSSL (see here for instructions).

Verifying webhooks

The verify_with_jwks function may be used to verify webhook Tl-Signature header signatures.

// `jku` field is included in webhook signatures
let jku = truelayer_signing::extract_jws_header(webhook_signature)?.jku?;

// check `jku` is an allowed TrueLayer url & fetch jwks JSON (not provided by this lib)
ensure_jku_allowed(jku)?;
let jwks = fetch_jwks(jku);

// jwks may be used directly to verify a signature
truelayer_signing::verify_with_jwks(jwks)
    .method("POST")
    .path(path)
    .headers(all_webhook_headers)
    .body(body)
    .verify(webhook_signature)?;

See webhook server example.

Dependencies

~3–4.5MB
~92K SLoC