Signed makeRequest Calls

Gadgets hosted by OpenSocket can now perform signed makeRequest calls to a server. Normal unsigned makeRequest can still be used to fetch information from any server, but signed requests are normally used to fetch or send data to/from a server under your control - in a situation where you want to verify that OpenSocket is making the call.

The current public certificate is called ‘opensocket-key-1′ and can be downloaded here:

• http://www.opensocket.org/keys/opensocket-key-1_certificate.txt

This should be copied to your own server’s key cache once only, and should not be downloaded dynamically during execution. If we need to change the key in the future, we will give advance notice. So it is a good idea to subscribe to our RSS feed so that you hear about it.

For example code showing how your server can verify signed requests see Validating Signed Requests in Orkut. Of course, validating requests from OpenSocket works the same except you need to replace the certifcate text with OpenSocket’s; and the key name you expect should be ‘opensocket-key-1′ not ‘pub.1199819524.-1556113204990931254.cer’ or whatever Orkut requires today.