To pair an API Client with the API Signer, create a public/private signature key pair for the API client. Fordefi currently supports ECDSA signatures over the NIST P-256 curve (also known as: secp256r1 or prime256v1). You can use an external key management service (such as AWS KMS) to generate and store the private key and to sign the transaction requests. Then register the public key directly with the API Signer.
To create the private key using openSSL:
Open a terminal and issue the following command:
openssl ecparam -genkey -name prime256v1 -noout -out private.pem
Extract the public key:
openssl ec -in private.pem -pubout
To upload the API client public key:
- Open the API Signer and select Register API user key.
- Select the API User from the list and press Enter.
- Paste your public key and press Enter.
Example public key
The public key should be copied without spaces or new lines, as follows: