Docusign Connect API身份验证 [英] Docusign Connect API authentication
问题描述
我有两个问题.如何确定以下哪一项最适合我作为身份验证方法?
I have two questions. How to decide which one of the following is best for me to choose as my authentication method?
- 使用X509证书签名消息
- 需要相互TLS
如何实现两种身份验证方法?我正在使用Rails 4应用程序作为Connect API端点.
How to implement the two authentication methods? I am using a Rails 4 app as my Connect API endpoint.
推荐答案
最适合您的情况取决于您的情况和优先事项.
What's best for you will depend on your situation and priorities.
带有X509证书的签名消息
Sign Message with X509 Certificate
这可用于验证或证明消息的来源.在这种情况下,DocuSign.这可能对审核有用.
This can be used to verify or prove the source of the message. In this case DocuSign. This could be useful for auditing purposes.
需要相互TLS
Require Mutual TLS
使用相互身份验证TLS,发送方和接收方都可以使用证书进行相互验证.因此,接收方知道通信已由DocuSign启动,并且DocuSign服务验证接收方使用的证书是否符合DocuSign控制台中的配置设置.这样做的目的是防止中间人式攻击,这种攻击可能会阻止攻击者拦截和修改/记录通信.
With Mutual Auth TLS both the sender and the receiver verify each other using certificates. So the receiver knows the communication has been initiated by DocuSign, and the DocuSign service verifies that the certificate used by the receiver is as per configuration settings in the DocuSign console. The aim here is to prevent a Man-in-the-middle type attack where the communication could be intercepted and modified/recorded by an attacker.
此答案更详细地讨论了差异.
This answer talks about the differences in more detail.
我认为关键是两种方法都可以解决不同的问题,具体取决于您的情况,您可能需要一个,或者两者都不需要.
I think the key point is both approaches solve different problems, depending on your situation you may require one, both or neither.
关于实现,TLS通常在服务器级别完成,因此可能只需要配置而无需应用程序代码.另一方面,XML签名通常在应用程序内部完成.
Regarding implementation, TLS is typically done at a server level, so may require only configuration and no application code. XML signing on the other hand is typically done within the application itself.
这篇关于Docusign Connect API身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
