Authentication of requests
As is the case with most APIs, Chef API is authenticated before the request is processed, and the result is transmitted back to the client. The authorization of the request is done by the Chef server. A few HTTP headers are signed by the private key on the client machine, and the Chef server verifies the signature by using the public key. Only once the request has been authorized, can processing take place.
Generally, when using utilities such as Knife and so on, we don't have to be really concerned about handling authorization, as this is something that is automatically taken care of by the tool. However, when using libraries such as cURL or any arbitrary Ruby code, it is necessary to include a full authentication header as part of a request to the Chef server.
All of the hashing is done using the SHA1 algorithm and encoding in Base64. Each header should be encoded in the following format:
Method: HTTP_METHOD Hashed Path: HASHED_PATH X-Ops-Content-Hash: HASHED_BODY...
