
API Extra Security Layer with Input Checksum using Laravel

Hafiq Iqmal
Jan 25, 2021


A Checksum is a value used to verify the integrity of a file or a data transfer. So basically, it’s the digital fingerprint of each request.

How does it work?

The sender sends a request that includes the checksum, and the receiver reconstructs its own checksum from the sender's inputs. The receiver then compares its own checksum with the sender's checksum to see whether they match. If they do not match, the sender's request is considered invalid.

So I came up with a simple solution that uses middleware to validate the request checksum.

Basically, the plan is that the client side constructs an MD5 checksum based on the input and puts it in an HTTP header. The server side then checks that the HTTP header exists and validates it.

Client Side

  1. Sort every input value by its key in alphabetical order and join the values into one line with the | delimiter. For example, username: john123, password: Xyz@1234 => Xyz@1234|john123
  2. Put the checksum in a custom HTTP header (X-Checksum) and send it to the server.

Server Side

  1. Construct the checksum the same way the client side does.
  2. Compare the server checksum with the request checksum.
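
The server-side steps above could look like the following middleware. This is an added example, not the article's own code: the class name `VerifyChecksum`, the 400 responses and the handling of nested arrays are assumptions, and it takes the checksum to be the MD5 hex digest of the joined string.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;

// Hypothetical middleware name; register it on the API routes to protect.
class VerifyChecksum
{
    public function handle(Request $request, Closure $next)
    {
        $provided = $request->header('X-Checksum');

        // The header must exist and be a single non-empty value.
        if (!is_string($provided) || $provided === '') {
            return response()->json(['message' => 'Missing checksum'], 400);
        }

        // Rebuild the checksum from the inputs the server actually received.
        // Note: Laravel's global TrimStrings / ConvertEmptyStringsToNull
        // middleware run first, so the client must hash trimmed values.
        $expected = self::checksum($request->input());

        // hash_equals compares in constant time; md5() returns lowercase hex.
        if (!hash_equals($expected, strtolower($provided))) {
            return response()->json(['message' => 'Invalid checksum'], 400);
        }

        return $next($request);
    }

    // ['username' => 'john123', 'password' => 'Xyz@1234']
    // becomes md5('Xyz@1234|john123').
    public static function checksum(array $input): string
    {
        // Sort by key in alphabetical order, as the client does.
        ksort($input, SORT_STRING);

        // Assumption: inputs are flat scalars; nested arrays are JSON-encoded
        // so that both sides still produce one string per key.
        $values = array_map(
            fn ($v) => is_array($v) ? json_encode($v) : (string) $v,
            array_values($input)
        );

        return md5(implode('|', $values));
    }
}
```

Because the MD5 here is unkeyed, anyone who knows the scheme can recompute a valid checksum for modified input, so the check catches corrupted or malformed requests rather than authenticating the sender. A keyed variant would replace `md5()` with `hash_hmac()` and a secret shared with the client.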
