Request Origins are the connected applications that will interact with Privakey to send authorization and authentication requests to users. App Spaces can be configured to have multiple request origins.

Request Origins must use Basic Header Authentication or HMAC (hash-based message authentication code) authentication. Their credentials are created and managed in the Admin Portal. Privakey recommends HMAC where possible.

Request Origin Authentication Credentials

HMAC Authentication Tokens are generated securely on the server and encrypted at rest using AES-256. Basic Header authentication passwords are hashed using SHA-512 and salt. The master secret for encryption at rest is defined at deployment and must be set as an Environment Variable.