
Usage of X-LAGERTHA Header

The Lagertha API goes beyond security standards by introducing an additional mechanism to ensure integrity and prevent replay attacks. Each API call must include the custom X-LAGERTHA header to enhance the security of the entire process.

Device Authentication

To authenticate devices making requests, a unique identifier must be included with each authentication or token refresh request. This identifier is specific to the device and will be recorded by the API for later validation of calls from the same device.

Generation of X-LAGERTHA Header

An X-LAGERTHA header must be included in each request with specific content generated using the following algorithm:

const crypto = require('crypto')

// Obtain the fingerprint using FingerprintJS or another device identification library
const fingerprint = "..."
// Generate a version 4 UUID, or another value that is unique over time
const nonce = crypto.randomUUID()
// Generate the cipher with SHA-512 hashing (hex digest of fingerprint followed by nonce)
const cipher = crypto.createHash('sha512').update(`${fingerprint}${nonce}`).digest('hex')
// Encode the nonce (not the cipher) in base64
const nonce64 = Buffer.from(nonce).toString('base64')
// Compose the final content of the header
const headerContent = `cipher="${cipher}"; nonce="${nonce64}";`
// Set the header for your request
const header = `X-LAGERTHA: ${headerContent}`

Request Authentication

With each request, the API will authenticate not only the JWT login tokens but also this custom X-LAGERTHA header to validate the integrity of the request. This adds an extra layer of security, ensuring that each API call is authenticated and protected against potential attacks.

The inclusion of the X-LAGERTHA header in each request demonstrates Lagertha's commitment to security, providing enhanced protection against potential threats.