GAP — Signature Generation & Verification

Request Signing and Verification

Before the integration, the Operator generates a private/public key pair, and provides the public key to GAP.
Both parties should verify all requests will be signed with RSA-SHA256.
The integration transmit formation is Json. And is encoded by UTF-8.
The Operator generates a private/public key pair and sends the public key to GAP.
Similarly GAP sends its public key to the Operator.
The body of all requests will be signed with RSA-SHA256 using the respective private key and encoded to BASE64.
The signature will be placed in the "Signature" header.
The Operator needs to verify all Wallet API requests using the public key provided by GAP.
GAP verifies all Games API requests using the public key provided by the Operator.

Key Generation

Using this url the operator can generate public & private key pair:

https://travistidwell.com/jsencrypt/demo/

Sample Code for Signature Generation & Verification

Node.js

Reference: https://paste.rs/jBgfT.js (link may have expired)

Go

Reference: https://paste.rs/SBd2h.go (link may have expired)

Note: The paste.rs links above were provided in the original GAP documentation. If they are unavailable, request the sample code directly from the GAP team.

Request Signing and Verification​

Key Generation​

Sample Code for Signature Generation & Verification​

Node.js​

Go​

Request Signing and Verification

Key Generation

Sample Code for Signature Generation & Verification

Node.js

Go