Date: Fri, 29 Mar 2024 10:35:33 +0000 (UTC) Message-ID: <789568794.35.1711708533349@f725ed78bc69> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_34_972020051.1711708533349" ------=_Part_34_972020051.1711708533349 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
All requests must be signed using your API Toke= n and your private Secret Key.
Your string-to-be-signed should always include the= ? query parameter delimiter regardless of whether or not = there are query string parameters.
GET
Requ=
estsTo start, you will need to create the string to use in computing the X-S=
ignature string that includes the request method GET
, the=
host name (e.g.api.ticketevolution.com
), the path (e.g. =
/brokerages
), and an optional query string that m=
ust be sorted by key (e.g. ?page=3D1&per_page=
=3D1
).
Seriously, if you do not sort your query string alphabetically b= y key you will get a 401 error.
Here's what that full string should look like when you put it all togeth= er:
GET api.ticketevolution.com/v9/brokerages?page=3D1&per_page=3D=
1
or a request without parameters
GET api.ticketevolution.com/v9/categories?
=
POST
, PUT
, and DELETE
requestsIn the case of POST
,PUT
and
POST api.ticketevolution.com/v9/clients?{"clients":[{"name":"Micha=
el Starr"}]}
Use our X-Signature Generator to = check if the signatures you're making are correct, and generate cURL reques= ts right in the browser.
Once you have created the input string as shown above, it should be hash= ed using HMAC-SHA256 using your API Secret. Below are some examples of how = to compute X-Signature. Some examples for additional languages may be found= at http://www.jokecamp.com/blog/examples-of-creating-base64-hash= es-using-hmac-sha256-in-different-languages/:
require 'base= 64' require 'openssl' secret =3D "xyz" request =3D "GET api.ticketevolution.com/v9/brokerages?page=3D1&per_pag= e=3D1" digest =3D OpenSSL::Digest::Digest.new('sha256') signature =3D Base64.encode64(OpenSSL::HMAC.digest(digest, secret, request)= ).chomp puts signature # =3D> "ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=3D"= pre>
$secret =3D 'x= yz'; $request =3D 'GET api.ticketevolution.com/v9/brokerages?page=3D1&per_pa= ge=3D1'; $signature =3D base64_encode(hash_hmac('sha256', $request, $secret, true)); echo $signature; // Outputs ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=3D<= /pre>
func digest= (secret: String, request: String) -> String! { let key =3D secret.cStringUsingEncoding(NSUTF8StringEncoding) let data =3D request.cStringUsingEncoding(NSUTF8StringEncoding) let result =3D UnsafeMutablePointer<CUnsignedChar>.alloc(Int(CC_S= HA256_DIGEST_LENGTH)) CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), key!, strlen(key!), data!, st= rlen(data!), result) let HMAC =3D NSData(bytes: result, length:Int(CC_SHA256_DIGEST_LENGTH)) let signature =3D HMAC.base64EncodedStringWithOptions(NSDataBase64Encod= ingOptions.EncodingEndLineWithLineFeed) result.destroy() return signature }
This hashed string should then be passed in the X-Signature he=
ader. If the secret were xyz, this would look like X-Signat=
ure: ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=3D
curl -i \ -H Accept: application/json \ -H X-Signature: ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=3D \ -H X-Token: abc \ -X GET 'http://api.ticketevolution.com/v9/brokerages?page=3D1&per_page=3D1'<= /pre>
If you are getting 401 Unauthorized responses, please use the =
X-Signature Generator to make sure you ar=
e correctly computing the X-Signature.