Signature parameter

From SafeCreativeWiki

Jump to: navigation, search

Many operations require a signature of the request. This signature is the SHA-1 hash of the arguments sorted by key, preceded by a private key.

The private key to use depends on the component being called. If the component requires an authkey, then the private key to use is the one associated to that authkey. In other cases, you must use the private key associated to your shared key.

Signature is encoded as a string of hexadecimal digits (0-9a-f), two digits per byte.

For example, for the following request:

http://api.safecreative.org/v2/
?ztime=20081106141840
&sharedkey=fDsm8YO9SaupC5TChOsB6w
&component=authkey.create

You must get the key/value pairs (values should not be URL-encoded):

ztime=20081106141840
sharedkey=fDsm8YO9SaupC5TChOsB6w
component=authkey.create

Sort this list by key:

component=authkey.create
sharedkey=fDsm8YO9SaupC5TChOsB6w
ztime=20081106141840

Build a data stream with the private key (in this case, the one associated to your shared key) followed by the sorted pairs, all separated by ampersand (&):

{private_key}&component=authkey.create&sharedkey=fDsm8YO9SaupC5TChOsB6w&ztime=20081106141840

Calculate de SHA1 of the previous UTF-8 data stream:

SHA1(data)=4a285c1501646b41896a065add2311ffcde889ce

Finally, you must append the SHA1 to the request as the signature parameter:

http://api.safecreative.org/0.2
?ztime=20081106141840
&sharedkey=fDsm8YO9SaupC5TChOsB6w
&component=authkey.create
&signature=4a285c1501646b41896a065add2311ffcde889ce

If you have trouble signing your requests (getting InvalidSignature errors), you can try the signature.analysis debug component.

Personal tools
Safe Stamper API