...
To start, you'll need to build your input string. Your string-to-be-signed should always include the ? query parameter delimiter regardless of whether or not there are query string parameters.
...
To start, you'll need to build up a string that includes the request method GET
, the host name (e.g.api.ticketevolution.com
), the path (e.g. /brokerages
), and an optional query string that must be sorted by key (e.g. ?page=1&per_page=1
).
Infonote |
---|
Seriously, if you do not sort your query string alphabetically by key you will get a 401 error. |
...
Here's what that full string should look like when you put it all together:
Code Block | ||
---|---|---|
| ||
GET api.ticketevolution.com/v9/brokerages?page=1&per_page=1 |
...
or a request without parameters
Code Block | ||
---|---|---|
| ||
GET api.ticketevolution.com/v9/categories? |
...
POST, PUT, DELETE requests
In the case of POST
,PUT
and DELETE
requests when a request body is present, the request body should be used in the source string in lieu of the query string.
Code Block | ||
---|---|---|
| ||
POST api.ticketevolution.com/v9/clients?{"clients":[{"name":" |
...
Michael |
...
Starr"}]} |
...
Calculating the signature
Use our X-Signature Generator to check if the signatures you're making are correct, and generate cURL requests right in the browser.
Once you've built up the input string as shown above, it should be hashed using HMAC-SHA256 using the secret obtained in the Brokerage management console in the Broker Exchange. Below are some examples and examples for some additional languages can ebe found at http://www.jokecamp.com/blog/examples-of-creating-base64-hashes-using-hmac-sha256-in-different-languages/:
Ruby
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
require 'base64' require 'openssl' secret = "xyz" request = "GET api.ticketevolution.com/v9/brokerages?page=1&per_page=1" digest = OpenSSL::Digest::Digest.new('sha256') signature = Base64.encode64(OpenSSL::HMAC.digest(digest, secret, request)).chomp puts signature # => "ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=" |
PHP
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
$secret = 'xyz';
$request = 'GET api.ticketevolution.com/v9/brokerages?page=1&per_page=1';
$signature = base64_encode(hash_hmac('sha256', $request, $secret, true));
echo $signature; // Outputs ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=
|
Swift
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
func digest(secret: String, request: String) -> String! { let key = secret.cStringUsingEncoding(NSUTF8StringEncoding) let data = request.cStringUsingEncoding(NSUTF8StringEncoding) let result = UnsafeMutablePointer<CUnsignedChar>.alloc(Int(CC_SHA256_DIGEST_LENGTH)) CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), key!, strlen(key!), data!, strlen(data!), result) let HMAC = NSData(bytes: result, length:Int(CC_SHA256_DIGEST_LENGTH)) let signature = HMAC.base64EncodedStringWithOptions(NSDataBase64EncodingOptions.EncodingEndLineWithLineFeed) result.destroy() return signature } |
This
...
hashed
...
string
...
should
...
then
...
be
...
passed
...
in
...
the X-Signature header. If the secret were xyz, this would look like X-Signature:
...
ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0=
...
cURL
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
curl -i \ -H Accept: application/json \ -H X-Signature: ohGcFIHF3vg75A8Kpg42LNxuQpQZJsTBKv8xnZASzu0= \ -H X-Token: abc \ -X GET 'http://api.ticketevolution.com/v9/brokerages?page=1&per_page=1' |
If
...
you're
...
having
...
trouble
...
and
...
getting 401 responses back
...
from
...
your
...
requests,
...
please
...
use
...
the X-Signature
...
Generator to
...
make
...
sure
...
you're
...
generating
...
a
...
valid
...
signature.