Ask HN: How does Stripe or AWS's API work in regards to being secure?
1 points by nuwin_tim 4176 days ago
To my understanding, when interacting with AWS or Stripe, the client has a public and private key. The client connects to the API with these values and the server generates and sends back a session token. When the client wants to make a call, it encrypts the session key with the public and private key, then the server decrypts the message, and verifies the session key matches it up for the corresponding user (or does it just pass the session key?)

I am curious about the lower-level details of creating a similar secure implementation. For example, what's typical in setting an expiration date for the public, private and session keys? How does the client initially get the private key? What's the best hash for generating the keys, what cipher to use when encrypting the data, and what the full steps are from start to finish?