The HMAC authentication component for Tokenly.
To authenticate HTTP requests that use this component, you must include 3 HTTP headers with your request:
- X-Tokenly-Auth-Api-Token
- X-Tokenly-Auth-Nonce
- X-Tokenly-Auth-Signature
To generate these headers, you will need an API Token and a secret API Key.
Say my API Token is TWKTkwIQDTvirh6D and my API Secret key is Kun2M2UladalYAeUvXyiKWhFuwrsmSreM841K45O. Here is an explanation of each header.
The X-Tokenly-Auth-Api-Token header is nothing more than the API Token.
Example:
X-Tokenly-Auth-Api-Token: TWKTkwIQDTvirh6D
The nonce header is the current Unix timestamp in seconds.
Example:
X-Tokenly-Auth-Nonce: 1457530047
The signature is a base64-encoded SHA-256 HMAC. The key for the HMAC is the secret API Key, and the message is built from the following data:
{METHOD}\n
{URL}\n
{PARAMETERS}\n
{API TOKEN}\n
{NONCE}
{METHOD} is the HTTP method, such as GET, POST, PUT or DELETE.
{URL} is the full URL of the API endpoint.
{PARAMETERS} are required and should be a JSON-encoded string representing the parameters. For empty parameters, use {}.
{API TOKEN} and {NONCE} are the same as sent in the headers.
Items are separated with a single newline character.
After calculating the HMAC, encode the data in base64 format.
Example:
Using the values above and a request of GET https://www.example.com/api/v1/mystuff, the signature header will be:
X-Tokenly-Auth-Signature: hZ6SDgcZzo5AYrS9yopEQo068ax0NojG/CfXWG+RJEA
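The signing steps above, together with the matching receiver-side check, as an added Python example (not code from the Tokenly project). The function names, the compact JSON serialization and the 300-second freshness window (`max_skew`) are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Sample credentials and request values taken from the text above.
API_TOKEN = "TWKTkwIQDTvirh6D"
API_SECRET = "Kun2M2UladalYAeUvXyiKWhFuwrsmSreM841K45O"


def build_message(method, url, params, api_token, nonce):
    """Join the five fields with single newlines, in the documented order."""
    # Assumption: compact JSON; both sides must serialize parameters identically.
    params_json = json.dumps(params or {}, separators=(",", ":"))
    return "\n".join([method, url, params_json, api_token, str(nonce)])


def sign(message, secret):
    """HMAC-SHA256 keyed with the API secret, then base64 encoded."""
    digest = hmac.new(secret.encode(), message.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def auth_headers(method, url, params, api_token, secret, nonce=None):
    """Return the three authentication headers for one request."""
    nonce = int(time.time()) if nonce is None else nonce
    message = build_message(method, url, params, api_token, nonce)
    return {
        "X-Tokenly-Auth-Api-Token": api_token,
        "X-Tokenly-Auth-Nonce": str(nonce),
        "X-Tokenly-Auth-Signature": sign(message, secret),
    }


def verify(method, url, params, headers, secret, now=None, max_skew=300):
    """Receiver-side check: fresh nonce and constant-time signature match."""
    now = int(time.time()) if now is None else now
    try:
        nonce = int(headers["X-Tokenly-Auth-Nonce"])
        token = headers["X-Tokenly-Auth-Api-Token"]
        given = headers["X-Tokenly-Auth-Signature"]
    except (KeyError, TypeError, ValueError):
        return False
    if abs(now - nonce) > max_skew:  # max_skew is a hypothetical policy value
        return False
    expected = sign(build_message(method, url, params, token, nonce), secret)
    return hmac.compare_digest(expected.encode(), given.encode())
```

`base64.b64encode` emits the trailing `=` padding, so the signature it returns is 44 characters long; the sample signature above is shown without that padding character.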