Home/ Questions/Q 421403
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T18:58:47+00:00

Question: Is this API authentication technique easily hackable? apiKey = 123456789 apiCallId = 1256341451

  • 0

Question: Is this API authentication technique easily hackable?

apiKey = "123456789"
apiCallId = "1256341451"
apiSecret = "67d48e91ab2b7471d4be2a8c2e007d13"
sig = md5(apiKey + apiCallId + apiSecret) = 09c297a354219f173bfc49c2e203ce03

where

  • apiKey: some unique identifier for the user
  • apiCallId: a unique integer that must be increasing in value (e.g. UNIX time stamp)
  • apiSecret: string known only to the user, and us – not passed in URL
  • sig: “unhackable” signature of this API call – MD5 hash

Example API call:

http://api.domain.com/?apiKey=123456789&apiCallId=1256341451&sig=09c297a354219f173bfc49c2e203ce03&param1=x&param2=y

This API does not require a session, and is not designed for a 3rd party to use on behalf of a user. Instead, it is to be used by the user themselves.

I really like the simplicity of this. The requirement of apiCallId being unique, and always increasing means reusing a sig is not possible, so I feel like it is secure (protected against replay attacks), but I am not an expert.

Other APIs use all of the GET parameters sorted alphabetically when calculating the sig, but I do not see why this is necessary when including apiCallId.

Please try and hack this now before it is implemented and released.

I welcome any feedback, suggestions and security education.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    What you are doing seems reasonably sane, except for not checking the parameters (which is going to be a pretty big problem).

    Something which is very similar to your design which it might be wise to copy is the Amazon Web Services Request Authentication Scheme

    In particular make sure your encoding scheme for the parameters is unambiguous and invertible; Amazon screwed this up at one point. Learn from their mistakes. 🙂

    Cryptographically speaking, what you are doing is not called a signature but rather a message authentication code (MAC). A MAC can be created and verified by anyone who shares the secret key (the term ‘signature’ is normally reserved for public key schemes like DSA or RSA). MD5(msg || K) is a known and reasonably sane MAC; I’m not sure if you missed it by accident or on purpose, but a method that seems on the surface to be equivalent, MD5(K || msg), is quite insecure, because a quirk in how MD5 (and most other hash functions) are designed means that if you know H(m) you can easily compute H(m || m2) for any m2 – so if you were using MD5(K || param1=5), someone could pull this off the wire and then create MD5(K || param1=5,param2=666). (It’s perhaps a bit more technical than you’re interested in, but this is called the length extension property).

    However while MD5(K || msg) is probably ‘fine’, you are better off using something like HMAC, because it was actually designed as a MAC. MD5 has a lot of problems but nothing directly affecting its use as a MAC (yet – MD4 has been broken in this way). So for future-proofing (and audit-proofing) use HMAC with SHA-1 or SHA-256 instead. Even if you don’t want to pull in a crypto library, HMAC is quite simple and there are known values available for SHA-1 and SHA-2 so you can check your code.

    • 0