# Security Requirements

### API Key <a href="#api-key" id="api-key"></a>

All requests from the partner to Gotadi's system must include the following headers to support security operations and data statistics for Gotadi:

* apikey: \<api\_key>
* x-ibe-req-name: \<access\_code>

Note

The \<api\_key> and \<access\_code> values are provided by Gotadi to the Partner.

***

### Digital signature <a href="#chu-ky-ien-tu-signature" id="chu-ky-ien-tu-signature"></a>

Some important APIs require a digital signature to be attached to the request and response for authentication.

<details>

<summary>Generating a Digital Signature</summary>

<img src="https://developer.gotadi.com/img/3.png" alt="" data-size="original">

The sender signs the signature data using the RSA-SHA256 algorithm with their own Private Key.

**Note:**\
The schema for constructing the signature data will be specifically described in each API.

Java example code

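```java
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Signature;
import org.apache.commons.codec.binary.Base64;

// getPrivateKeyFromXML is a helper not shown on this page; it loads the key from its XML form.
public static String signRSA(String signatureData, String xmlPrivateKey) throws Exception {
    PrivateKey privateKey = getPrivateKeyFromXML(xmlPrivateKey);
    Signature instance = Signature.getInstance("SHA256withRSA");
    instance.initSign(privateKey);
    // Sign the UTF-8 bytes of the signature data.
    instance.update(signatureData.getBytes(StandardCharsets.UTF_8));
    byte[] signature = instance.sign();
    // Base64-encode the raw signature for transport.
    return Base64.encodeBase64String(signature);
}
```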

</details>

<details>

<summary>Digital signature verification</summary>

<img src="https://developer.gotadi.com/img/7.png" alt="" data-size="original">

The receiver uses the RSA-SHA256 algorithm and the sender's Public Key to verify the signature created by the sender.

Java example code

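```java
import java.nio.charset.StandardCharsets;
import java.security.PublicKey;
import java.security.Signature;
import org.apache.commons.codec.binary.Base64;

// getPublicKeyFromXML is a helper not shown on this page; it loads the key from its XML form.
public static boolean verifyRSA(String signedData, String signature, String xmlPublicKey) throws Exception {
    PublicKey publicKey = getPublicKeyFromXML(xmlPublicKey);
    Signature instance = Signature.getInstance("SHA256withRSA");
    instance.initVerify(publicKey);
    // Feed the same UTF-8 bytes that the sender signed.
    instance.update(signedData.getBytes(StandardCharsets.UTF_8));
    // Decode the Base64 signature and check it against the data.
    return instance.verify(Base64.decodeBase64(signature));
}
```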

</details>
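The sign and verify steps above as one runnable round trip; this is an added example, not Gotadi's code. It assumes freshly generated test key pairs, a constructed signature-data string (the real schema is defined per API), and the JDK's `java.util.Base64` in place of the Commons Codec class used above. The receiver-side `verify` treats malformed input as a failed verification instead of letting an exception escape.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class SignatureRoundTrip {
    // Sender side: RSA-SHA256 over the UTF-8 bytes, Base64-encoded for transport.
    static String sign(String data, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(s.sign());
    }

    // Receiver side: any malformed input counts as "not verified" rather than
    // surfacing as an unhandled exception in the request handler.
    static boolean verify(String data, String signatureB64, PublicKey key) {
        if (data == null || signatureB64 == null) return false;
        try {
            byte[] sig = Base64.getDecoder().decode(signatureB64);
            Signature s = Signature.getInstance("SHA256withRSA");
            s.initVerify(key);
            s.update(data.getBytes(StandardCharsets.UTF_8));
            return s.verify(sig);
        } catch (IllegalArgumentException | GeneralSecurityException e) {
            return false; // bad Base64, wrong signature length, unusable key
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed test key pairs, generated here only so the example runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair sender = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();

        // Constructed signature data (hypothetical fields, not a Gotadi schema).
        String data = "bookingNumber=ABC123|amount=1500000";
        String sig = sign(data, sender.getPrivate());

        System.out.println("valid:         " + verify(data, sig, sender.getPublic()));
        System.out.println("tampered data: " + verify(data.replace("1500000", "15"), sig, sender.getPublic()));
        System.out.println("wrong key:     " + verify(data, sig, other.getPublic()));
        System.out.println("truncated sig: " + verify(data, sig.substring(0, 40), sender.getPublic()));
        System.out.println("not Base64:    " + verify(data, "%%%", sender.getPublic()));
    }
}
```

Only the first case verifies; a request or response whose signature does not verify should be rejected before its contents are acted on.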

<br>
