Signature parameter: Difference between revisions
w>Jguillo No edit summary |
w>Jguillo No edit summary |
||
Line 11: | Line 11: | ||
</pre> | </pre> | ||
You must get the key/value pairs (values should not be URL-encoded): | You must get the key/value pairs (values should '''not''' be URL-encoded): | ||
<pre> | <pre> | ||
ztime = 20081106141840 | ztime = 20081106141840 |
Revision as of 07:11, 28 May 2010
Many operations require a signature of the request, this signature is the SHA-1 hash of the arguments sorted by key, preceded by a private key.
The private key to use depends on the component being called. If the component requires an authkey, then the private key to use is the one associated to that authkey. In other cases, you must use the private key associated to your shared key.
For example, for the following request:
http://api.safecreative.org/v2/ ?ztime=20081106141840 &sharedkey=fDsm8YO9SaupC5TChOsB6w &component=authkey.create
You must get the key/value pairs (values should not be URL-encoded):
ztime = 20081106141840 sharedkey = fDsm8YO9SaupC5TChOsB6w component = authkey.create
Sort this list by key:
component = authkey.create sharedkey = fDsm8YO9SaupC5TChOsB6w ztime = 20081106141840
Build a data stream with the private key (in this case, the one associated to your shared key) followed by the sorted pairs, all separated by ampersand (&):
{private_key}&component=authkey.create&sharedkey=fDsm8YO9SaupC5TChOsB6w&ztime=20081106141840
Calculate de SHA1 of the previous UTF-8 data stream:
SHA1(data)=4a285c1501646b41896a065add2311ffcde889ce
Finally, you must append the SHA1 to the request as the signature parameter:
http://api.safecreative.org/0.2 ?ztime=20081106141840 &sharedkey=fDsm8YO9SaupC5TChOsB6w &component=authkey.create &signature=4a285c1501646b41896a065add2311ffcde889ce
If you have trouble signing your requests (getting InvalidSignature errors), you can try the signature.analysis debug component.