Signature parameter

From Safe Creative API
Revision as of 07:06, 31 May 2010 by w>Jguillo
Jump to navigation Jump to search

Many operations require a signature of the request. This signature is the SHA-1 hash of the arguments sorted by key, preceded by a private key. Signature is encoded as a string of hexadecimal digits (0-9a-f), two digits per byte.

The private key to use depends on the component being called. If the component requires an authkey, then the private key to use is the one associated to that authkey. In other cases, you must use the private key associated to your shared key.

For example, for the following request:

http://api.safecreative.org/v2/
?ztime=20081106141840
&sharedkey=fDsm8YO9SaupC5TChOsB6w
&component=authkey.create

You must get the key/value pairs (values should not be URL-encoded):

ztime=20081106141840
sharedkey=fDsm8YO9SaupC5TChOsB6w
component=authkey.create

Sort this list by key:

component=authkey.create
sharedkey=fDsm8YO9SaupC5TChOsB6w
ztime=20081106141840

Build a data stream with the private key (in this case, the one associated to your shared key) followed by the sorted pairs, all separated by ampersand (&):

{private_key}&component=authkey.create&sharedkey=fDsm8YO9SaupC5TChOsB6w&ztime=20081106141840

Calculate de SHA1 of the previous UTF-8 data stream:

SHA1(data)=4a285c1501646b41896a065add2311ffcde889ce

Finally, you must append the SHA1 to the request as the signature parameter:

http://api.safecreative.org/0.2
?ztime=20081106141840
&sharedkey=fDsm8YO9SaupC5TChOsB6w
&component=authkey.create
&signature=4a285c1501646b41896a065add2311ffcde889ce

If you have trouble signing your requests (getting InvalidSignature errors), you can try the signature.analysis debug component.