Proof keys

To restrict public access to your data, a secure exchange of requests between an online office and an integrator must be configured.

The integrator must check that the request is received from ONLYOFFICE Docs. It uses proof keys for this purpose. Document Server signs the request with a private key. The corresponding public key is written in the proof-key element in the WOPI discovery XML. The integrator verifies the signature with the public key. The signature is sent with every request in the X-WOPI-Proof and X-WOPI-ProofOld HTTP headers. Private and public keys are set up via the following config parameters:

Parameters

| Name | Description | Type | Example |
| --- | --- | --- | --- |
| wopi.publicKey | Defines the public key that the integrator uses to verify the signature made with the private key. | string | “public key example” |
| wopi.modulus | Defines the RSA modulus in the Base64-encoded format that is used to retrieve the public key. | string | “modulus example” |
| wopi.exponent | Defines the RSA exponent in the Base64-encoded format that is used to retrieve the public key. | string | “AQAB” |
| wopi.privateKey | Defines the private key that signs the Document Server request. | string | “private key example” |

Example

```json
{
  "wopi": {
    "publicKey": "public key example",
    "modulus": "modulus example",
    "exponent": "AQAB",
    "privateKey": "private key example"
  }
}
```

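By default, proof keys are already set. They are not generated per installation, i.e. the same keys are used for all installations. A signature made with the default private key therefore does not show which installation sent the request, so set your own key pair with the parameters above.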
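
The integrator-side check described above, as an added example that is not ONLYOFFICE code. The signed payload layout, the use of SHA-256 with PKCS#1 v1.5, and the timestamp value (sent in the X-WOPI-TimeStamp header) are assumptions taken from the public WOPI proof-key specification; the `req` field names are hypothetical, and the key pair and request in `demo()` are constructed.

```javascript
const crypto = require('crypto');

// Build an RSA public key from a Base64 modulus/exponent pair, the form used by
// wopi.modulus / wopi.exponent (conversion to base64url is needed for JWK import).
function publicKeyFromParts(modulusB64, exponentB64) {
  const toUrl = (b64) => Buffer.from(b64, 'base64').toString('base64url');
  const jwk = { kty: 'RSA', n: toUrl(modulusB64), e: toUrl(exponentB64) };
  return crypto.createPublicKey({ key: jwk, format: 'jwk' });
}

// Assumed layout (WOPI spec), every length a 4-byte big-endian integer:
// len(token) | token | len(URL) | upper-cased URL | len(timestamp)=8 | timestamp
function buildExpectedProof(accessToken, url, timestamp) {
  const lenPrefixed = (buf) => {
    const len = Buffer.alloc(4);
    len.writeUInt32BE(buf.length);
    return Buffer.concat([len, buf]);
  };
  const ts = Buffer.alloc(8);
  ts.writeBigUInt64BE(BigInt(timestamp));
  return Buffer.concat([
    lenPrefixed(Buffer.from(accessToken, 'utf8')),
    lenPrefixed(Buffer.from(url.toUpperCase(), 'utf8')),
    lenPrefixed(ts),
  ]);
}

// Accept if X-WOPI-Proof verifies under the current or the old key, or if
// X-WOPI-ProofOld verifies under the current key (covers key rotation).
function verifyProof(req, currentKey, oldKey) {
  const data = buildExpectedProof(req.accessToken, req.url, req.timestamp);
  const ok = (sigB64, key) => Boolean(sigB64 && key) &&
    crypto.verify('sha256', data, key, Buffer.from(sigB64, 'base64'));
  return ok(req.proof, currentKey) || ok(req.proofOld, currentKey) || ok(req.proof, oldKey);
}

// Constructed sample: a throwaway key pair stands in for the Document Server keys.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwk = publicKey.export({ format: 'jwk' });
  const b64 = (u) => Buffer.from(u, 'base64url').toString('base64');
  const key = publicKeyFromParts(b64(jwk.n), b64(jwk.e));
  const req = { accessToken: 'constructed-token', timestamp: '638400000000000000',
    url: 'https://integrator.example/wopi/files/1?access_token=constructed-token' };
  const payload = buildExpectedProof(req.accessToken, req.url, req.timestamp);
  req.proof = crypto.sign('sha256', payload, privateKey).toString('base64');
  const tampered = { ...req, url: req.url + '0' };
  return { valid: verifyProof(req, key, null), tampered: verifyProof(tampered, key, null) };
}
```

A request that carries no proof header at all is rejected, because `ok` returns false when the signature or the key is missing.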