DATE:
AUTHOR:
Shanze Munir
Announcements API

Introducing message signatures for API requests

DATE:
AUTHOR: Shanze Munir

What’s changed?

We've enhanced our platform's security by introducing message signatures for API requests.

From 9th December 2024, message signing will be mandatory for all API requests in the live environment. Until then, it's optional but we strongly recommend it.

There are two steps to creating a message signature:

  1. Creating and registering a key pair: only users with the admin role can do this.

  2. Signing a message: anyone sending API requests can do this.

For detailed instructions, see our message signature guide.

How will this affect me?

In the live environment

  • Between 17th October 2024 to 9th December 2024: Message signing is optional.

  • From 9th December 2024: All API requests must include a valid signature.

We control the 'Validate all requests' toggle in the live environment. You can view this by navigating to Settings > Message signatures.

The toggle will remain off until 9th December, after which we'll switch it on permanently.

Even with the toggle off, you can test your implementation using our test endpoint. We'll validate any signed messages you send.

In the sandbox

You control the 'Validate all requests' toggle.

  • When the toggle is on: all requests must be signed. This mimics our live environment.

  • When the toggle is off: both signed and unsigned requests are accepted, and signed requests are still validated.

Why have we done it?

Message signing will make our platform more secure. It allows us to verify the authenticity of the API requests we receive and will prevent tampering with API requests during transmission.

How will this affect existing integrations?

This change will require you to update your existing integrations by 9th December 2024, so that all API requests include message signatures.


Thanks for reading!

Ready to explore? Sign up for our sandbox to start testing.

Need help? Chat with us in-app or email product@griffin.com.

Stay connected:

 Read our docs

 Join our Slack community

Try our Postman collection

 Follow us on LinkedIn

Powered by LaunchNotes