Does anyone know how to add HMAC based authentication for WSO2 API Manager? Background

Question

0

Asked: June 18, 20262026-06-18T14:25:54+00:00 2026-06-18T14:25:54+00:00

Does anyone know how to add HMAC based authentication for WSO2 API Manager? Background

0

Does anyone know how to add HMAC based authentication for WSO2 API Manager?

Background – We’re rolling out WSO2 API Manager 1.3 in front of our publicly available web services and we need JavaScript applications (once authenticated) to be able to consume the services directly (not via a service proxy on their server to handle the OAuth authentication).

Does anyone know the easiest way to get this implemented in WSO2? We’ve started implementing an AbstractHandler and Authenticator but this seems overkill – someone must have done this or have some pointers on this?

Thank you very much in advance.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-06-18T14:25:55+00:00

Editorial Team

2026-06-18T14:25:55+00:00Added an answer on June 18, 2026 at 2:25 pm

You can write your own handler which can implement the AbstractHandler.
Signature verification can be implemented as an API handler similar to the ‘APIAuthenticationHandler’. The access token that was provided earlier can be used as the Mac Identifier. The consumer secret can be used as the Mac key, which is a shared secret between the consumer and the provider used to sign the normalized request string.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Does anyone know how to add HMAC based authentication for WSO2 API Manager? Background

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply