Signature Guide

The signature is a crucial component in ensuring the integrity and authenticity of the data exchanged between your application and Pleenk. By computing a signature, we can verify that the data has not been tampered with and that it originates from a trusted source.

• Signature verification (Webhook)
• Signature computing (Widget & API)

Signature Workflow

%%{init: {
  "theme": "base",
  "themeVariables": {
    "primaryColor": "#2424a3",
    "primaryBorderColor": "#2424a3",
    "primaryTextColor": "#ffffff",
    "lineColor": "#2424a3",
    "textColor": "#111111",
    "fontSize": "16px",
    "edgeLabelBackground": "#eef1ff"
  },
  "flowchart": {
    "nodeSpacing": 90,
    "rankSpacing": 90,
    "htmlLabels": true,
    "curve": "basis"
  }
}}%%

sequenceDiagram
    participant Marketplace
    participant Pleenk
    actor User

    Marketplace-->>Marketplace: Generate key pair
    Marketplace->>Pleenk: Transmit public key
    Marketplace-->>Marketplace: Generate widget link (pay, sell, approve) <br> and sign with Marketplace private key
    Marketplace->>User: Display widget link
    User-->>User: Open widget link
    User->>Pleenk: Redirect to Pleenk
    Pleenk-->>Pleenk: Authenticate and verify link <br> using Marketplace public key
    Pleenk->>Marketplace: Notify Marketplace via webhook<br>sign payload with Pleenk private key
    Marketplace-->>Marketplace: Authenticate Pleenk and verify<br>using Pleenk public key