CRYPTO NEWS

Is using a developer key alone secure enough to protect a REST API?

I’d like to implement a RESTful API service over HTTP that developers can call from their server side environments.

I intend to use a cryptographically secure pseudo-random number generator (CSPRNG) to generate keys and then convert the bits to a text-friendly encoding format (say base58). e.g. a random 256-bit number of say 0xbcd612439baf13189ee65469306651c341212cfea9b887fd0ce0bb2d4e95e97a would be base58 encoded to Di8yS3NxymgwuaD6Ft4B7Yi6GdW5hbmLdWYJm22YBZRj.

My API endpoint would be use HTTP with TLS (e.g. https://example.com/api/v1). The HTTP request header would be used to send the developer key in the following way:

Authorization: Bearer Di8yS3NxymgwuaD6Ft4B7Yi6GdW5hbmLdWYJm22YBZRj

I aim to store the SHA256 hash of the developer key in an SQL database server-side. I plan uses a constant time comparison to compare the calculated hash to the corresponding hash from the database.

Is the above scenario "secure enough" (from the perspective that I’ve done my part as an engineer to mitigate issues)?

If not, why and what should I learn to make it better?

Any other tips or advice welcome please.

Trust Wallet takes time to send receipt to the dApp

I’m using the Wallet Connect library to integrate the Trust Wallet with dApp. It gets connected, gets the pop-up for transaction confirmation, after clicking on "confirm" it sends transaction hash (triggers on(‘transactionHash’, function()) to the dApp but it does not send receipt to the dApp once the transaction is mined, or sometimes takes minutes after::Listen

I’m using the Wallet Connect library to integrate the Trust Wallet with dApp. It gets connected, gets the pop-up for transaction confirmation, after clicking on "confirm" it sends transaction hash (triggers on('transactionHash', function()) to the dApp but it does not send receipt to the dApp once the transaction is mined, or sometimes takes minutes after it was mined.

However, this flow works perfectly with the Metamask wallet.

I would really appreciate it if anyone provides any lead/solution to this.

Is using a developer key alone secure enough to protect a REST API?

Shopping cart
There are no products in the cart!
Continue shopping
0