🚀Secure API-to-API Communication with HMAC: Implementation using NestJS, AWS, and Postman🔥

Kishan Maurya — Tue, 17 Dec 2024 18:36:03 +0000

Introduction
In today’s interconnected systems, security is crucial for API communication. HMAC (Hash-based Message Authentication Code) is a powerful method to ensure both integrity and authenticity in API calls.

In this article, we’ll cover:

How HMAC works for API-to-API calls.
Step-by-step HMAC setup using NestJS and AWS (with UseGuards).
Postman testing of HMAC-protected endpoints using a custom script.

1. How HMAC Works for API-to-API Calls

What is HMAC?

HMAC combines a secret key and message to generate a unique hash. This ensures:

Integrity: The message hasn’t been tampered with.
Authenticity: The request comes from a trusted sender.

Visual Diagram:
How HMAC works

HMAC Flow

Client: Generates the HMAC hash using a secret key and the request payload.
Server: Computes the hash on its end using the same secret key.
Validation: If both hashes match, the request is valid.

2. HMAC Setup Using NestJS and AWS

Step 1: Install Dependencies
Install necessary libraries:

npm install crypto aws-sdk @nestjs/config

Step 2: Store the Secret Key in AWS Secrets Manager

Go to AWS Console → Secrets Manager → Create a Secret.
Add your secret key securely.
Retrieve this key in your NestJS application.

Visual Step-by-Step:

Step 3: Create the HMAC Service

hmac.service.ts

import { Injectable } from '@nestjs/common';
import * as crypto from 'crypto';
import { SecretsManager } from 'aws-sdk';

@Injectable()
export class HmacService {
  private secretKey: string;

  constructor() {
    this.loadSecret();
  }

  async loadSecret() {
    const secretsManager = new SecretsManager({ region: 'us-east-1' });
    const secret = await secretsManager
      .getSecretValue({ SecretId: 'your-secret-key' })
      .promise();
    this.secretKey = secret.SecretString || '';
  }

  generateHmac(payload: string): string {
    return crypto
      .createHmac('sha256', this.secretKey)
      .update(payload)
      .digest('hex');
  }

  validateHmac(payload: string, clientHash: string): boolean {
    const serverHash = this.generateHmac(payload);
    return serverHash === clientHash;
  }
}

Step 4: Use Guards for HMAC Validation
Instead of middleware, create a guard to validate HMAC hashes.

hmac.guard.ts

import { Injectable, CanActivate, ExecutionContext, UnauthorizedException } from '@nestjs/common';
import { HmacService } from './hmac.service';

@Injectable()
export class HmacGuard implements CanActivate {
  constructor(private readonly hmacService: HmacService) {}

  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const payload = JSON.stringify(request.body);
    const clientHmac = request.headers['x-hmac-signature'] as string;

    if (!clientHmac || !this.hmacService.validateHmac(payload, clientHmac)) {
      throw new UnauthorizedException('Invalid HMAC signature');
    }

    return true; // Allow request if HMAC is valid
  }
}

Step 5: Apply UseGuards to Routes
app.controller.ts

import { Controller, Post, Body, UseGuards } from '@nestjs/common';
import { HmacGuard } from './hmac.guard';

@Controller('secure-endpoint')
export class AppController {
  @Post()
  @UseGuards(HmacGuard)
  handleSecureEndpoint(@Body() data: any) {
    return { message: 'Request successfully validated!', data };
  }
}

Visual Representation :-

3. Testing HMAC-Secured Endpoint Using Postman

Step 1: Add Pre-request Script
Generate the HMAC hash dynamically in Postman:

Pre-request Script:

const crypto = require('crypto');

// Payload
const payload = JSON.stringify({
  data: 'Sample request payload',
});

// Secret Key (replace with your key)
const secretKey = 'your-shared-secret-key';

// Generate HMAC Hash
const hash = crypto
  .createHmac('sha256', secretKey)
  .update(payload)
  .digest('hex');

// Add HMAC hash to headers
pm.request.headers.add({
  key: 'x-hmac-signature',
  value: hash,
});

console.log('Generated HMAC:', hash);

Step 2: Configure Postman Request

Method: POST
Headers: Automatically set by the script.
Body: Add payload in JSON format.

Example Payload:

{
  "data": "Sample request payload"
}

Step 3: Test and Verify

Hit Send.
If the HMAC is valid, you’ll receive a 200 OK response.

Conclusion

By implementing HMAC using NestJS and testing with Postman, you can ensure:

Integrity and authenticity in API-to-API communication.
A clean, modular approach using UseGuards for route protection.
Secure key management with AWS Secrets Manager.

Key Takeaways

Use HMAC Guards for scalable and modular validation.
Securely manage shared secrets using AWS Secrets Manager.
Test HMAC validation easily with Postman scripts.

Let me know how you implement HMAC in your systems! 🚀
Connect with me for more API security insights.

NestJS #AWS #HMAC #APISecurity #Postman #BackendDevelopment #SpringBoot #JavaDevelopment #Microservices #SpringCloud #BackendDevelopment #RESTAPI #DevTools #SoftwareEngineering #SpringBootTesting #JWTAuthentication #DistributedTracing #EventDrivenArchitecture #EurekaServer #SpringSecurity #APIIntegration #Technology #Programming #Coding #SoftwareEngineering #TechInnovation #TechCommunity #JavaScript #Python #TypeScript #Golang #Java #RubyOnRails #CSharp #PHP #Swift #Kotlin #Rust #SQL #HTML #CSS #NodeJS #ReactJS #AngularJS #VueJS #Django #Flask #SpringBoot #CloudComputing #Blockchain #AI #MachineLearning #APIDevelopment #CyberSecurity #ScalableArchitecture #BackendDevelopment #DevOps#AWS#Terraform #DynamoDB #NestJS#CleanCode #TechTrends #Upskilling #TechCareer #Innovation #BestPractices

Selection Sort Algorithms

Kishan Maurya — Sun, 05 Jul 2020 17:29:09 +0000

Selection sort is an algorithm that selects the smallest element from an unsorted list in each iteration and places that element at the beginning of the unsorted list.

How Selection Sort Works?
Set the first element as minimum.
Selection Sort Steps
Select first element as minimum
Compare minimum with the second element. If the second element is smaller than minimum, assign the second element as minimum.

Compare minimum with the third element. Again, if the third element is smaller, then assign minimum to the third element otherwise do nothing. The process goes on until the last element.
Selection Sort Steps
Compare minimum with the remaining elements
After each iteration, minimum is placed in the front of the unsorted list.
Selection Sort Steps
Swap the first with minimum
For each iteration, indexing starts from the first unsorted element. Step 1 to 3 are repeated until all the elements are placed at their correct positions.
Selection Sort Steps
The first iteration

Selection sort steps
The second iteration

Selection sort steps
The third iteration

Selection sort steps
The fourth iteration
Selection Sort Algorithm
selectionSort(array, size)
repeat (size - 1) times
set the first unsorted element as the minimum
for each of the unsorted elements
if element < currentMinimum
set element as new minimum
swap minimum with first unsorted position
end selectionSort
Python, Java and C/C++ Examples
Python
Java
C
C++

Selection sort in Python

def selectionSort(array, size):

for step in range(size):
    min_idx = step

    for i in range(step + 1, size):

        # to sort in descending order, change > to < in this line
        # select the minimum element in each loop
        if array[i] < array[min_idx]:
            min_idx = i

    # put min at the correct position
    (array[step], array[min_idx]) = (array[min_idx], array[step])

data = [-2, 45, 0, 11, -9]
size = len(data)
selectionSort(data, size)
print('Sorted Array in Ascending Order:')
print(data)
Complexity
Cycle Number of Comparison
1st (n-1)
2nd (n-2)
3rd (n-3)
... ...
last 1
Number of comparisons: (n - 1) + (n - 2) + (n - 3) + ..... + 1 = n(n - 1) / 2 nearly equals to n2.

Complexity = O(n2)

Also, we can analyze the complexity by simply observing the number of loops. There are 2 loops so the complexity is n*n = n2.

Time Complexities:

Worst Case Complexity: O(n2)
If we want to sort in ascending order and the array is in descending order then, the worst case occurs.
Best Case Complexity: O(n2)
It occurs when the array is already sorted
Average Case Complexity: O(n2)
It occurs when the elements of the array are in jumbled order (neither ascending nor descending).
The time complexity of the selection sort is the same in all cases. At every step, you have to find the minimum element and put it in the right place. The minimum element is not known until the end of the array is not reached.

Space Complexity:

Space complexity is O(1) because an extra variable temp is used.

Selection Sort Applications
The selection sort is used when:

a small list is to be sorted
cost of swapping does not matter
checking of all the elements is compulsory
cost of writing to a memory matters like in flash memory (number of writes/swaps is O(n) as compared to O(n2) of bubble sort)

DEV Community: Kishan Maurya

🚀Secure API-to-API Communication with HMAC: Implementation using NestJS, AWS, and Postman🔥

Selection Sort Algorithms

Selection sort in Python