Trusted Central Signing Service - API - Consume signature verification API anonymously
This document describes how to setup the signing verification API without authentication to allow anonymous calls to the API.
- PAS 2.8 or higher installed
- Trusted Central Signing Service API configured (XML or PDF or both)
- The reader of this document should have some basic knowledge about PhenixID Authentication Services.
- Changes will be made to the file phenix-store.json, so please make sure to have a backup of this file.
Verify anonymous access to the verification API
- Login to Configuration Manager
- Advanced-> Pipes
- Locate the pipe executing the signature verification (to find out how, please follow the links below depending on your use case):
- The pipe must not contain any logic (valves) for api client authentication. If that is the case, remove those valves and commit the changes.
Test by following one of these guides (based on the use case):
Remove the Authorization header from the call from the api client to the verification endpoint.