All requests must be signed using your API Token and your private Secret Key.
To start, you'll need to build your input string. Your string-to-be-signed should always include the ? query parameter delimiter regardless of whether or not there are query string parameters.
...
To start, you'll need to build up a string that includes the request method GET, the host name (e.g.api.ticketevolution.com), the path (e.g. /brokerages), and an optional query string that must be sorted by key (e.g. ?page=1&per_page=1).
| Info |
|---|
Seriously, if you do not sort your query string alphabetically by key you will get a 401 error. |
...
Here's what that full string should look like when you put it all together:
...
Once you've built up the input string as shown above, it should be hashed using HMAC-SHA256 using the secret obtained in the Brokerage management console in the Broker Exchange. Below are some examples and examples for some additional languages can ebe found at http://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/:
Ruby
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
require 'base64'
require 'openssl'
secret = "xyz"
request = "GET api.ticketevolution.com/v9/brokerages?page=1&per_page=1"
digest = OpenSSL::Digest::Digest.new('sha256')
signature = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, request)).chomp
puts signature # => "ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=" |
...
If you're having trouble and getting 401 responses back from your requests, please use the X-Signature Generator to make sure you're generating a valid signature.
...