An HTTP header is required to pass the authentication when performing the API request. The authentication requires a token to be used in the Authorization header of the HTTP request.
Authentication Token is a string sequence in the following format: "ASC pkey:datetime:hash", where
The hash value is calculated using the HMAC-SHA1 function with the key from the core.machinekey value of the Hosted Solution site appSettings configuration.
Authentication Token example will look like this: "ASC abc:20100707140603:E7lwEXOplYS-0lbnV1XQnDSbi3w"
public string CreateAuthToken(string pkey, string machinekey) { using (var hasher = new System.Security.Cryptography.HMACSHA1(System.Text.Encoding.UTF8.GetBytes(machinekey))) { var now = DateTime.UtcNow.ToString("yyyyMMddHHmmss"); var hash = System.Web.HttpServerUtility.UrlTokenEncode(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(string.Join("\n", now, pkey)))); return string.Format("ASC {0}:{1}:{2}", pkey, now, hash); } }
CreateAuthToken() { pkey="$1"; machinekey=$(echo -n "$2"); now=$(date +"%Y%m%d%H%M%S"); authkey=$(echo -n -e "${now}\n${pkey}" | openssl dgst -sha1 -binary -mac HMAC -macopt key:$machinekey | sed -e 's/^.* //'); authkey=$(echo -n "${authkey}" | base64); echo "ASC ${pkey}:${now}:${authkey}"; }
var moment = require("moment"); var crypto = require("crypto"); var createToken = function (pkey, machinekey) { var now = moment.utc().format("YYYYMMDDHHmmss"); var authkey = crypto.createHmac("sha1", machinekey).update(now + "\n" + pkey).digest("base64"); authkey = authkey.replace(/\+/g, "-").replace(/\//g, "_"); authkey = authkey.substr(0, authkey.length - 1); var hash = "ASC " + pkey + ":" + now + ":" + authkey; return hash; };
function CreateAuthToken($pkey, $machinekey) { $now=gmdate('YmdHis'); $authkey=hash_hmac('sha1', $now."\n".$pkey, $machinekey, true); $authkey=base64_encode($authkey); $authkey=str_replace(array("+", "/"), array("-", "_"), substr($authkey, 0, -1)).'1'; return 'ASC '.$pkey.':'.$now.':'.$authkey; }
function CreateAuthToken([string]$pkey, [string]$machinekey) { $hmacsha = New-Object System.Security.Cryptography.HMACSHA1 $hmacsha.Key = [System.Text.Encoding]::UTF8.GetBytes($machinekey) [string]$now=(Get-Date -format "yyyyMMddHHmmss") [string]$hash = [System.Convert]::ToBase64String([byte[]]$hmacsha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($now + "`n" + $pkey))) $hash = $hash.Replace('+', '-') $hash = $hash.Replace('/', '_') return "ASC {0}:{1}:{2}" -f $pkey, $now, $hash }
def create_auth_token(pkey, machine_key) now = Time.now.strftime('%Y%m%d%H%M%S') hash = Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', machine_key, [now, pkey].join("\n"))) "ASC #{pkey}:#{now}:#{hash.tr('+', '-').tr('/', '_').chop}" end
import base64 import hashlib import hmac from datetime import datetime, date, time def create_auth_token(pkey, machine_key): machine_key = bytes(machine_key, 'UTF-8') now = datetime.strftime(datetime.utcnow(), "%Y%m%d%H%M%S") message = bytes('{0}\n{1}'.format(now, pkey), 'UTF-8') _hmac = hmac.new(machine_key, message, hashlib.sha1) signature = str(base64.urlsafe_b64encode(_hmac.digest()), 'UTF-8') signature = signature.replace('-', '+') signature = signature.replace('_', '/') token = 'ASC {0}:{1}:{2}'.format(pkey, now, signature) return token
public String createAuthToken(String pkey, String machinekey) throws Exception { java.time.OffsetDateTime date = java.time.OffsetDateTime.now(java.time.ZoneOffset.UTC); String time = date.format(java.time.format.DateTimeFormatter.ofPattern("YYYYMMddHHmmss")); String data = time + "\n" + pkey; javax.crypto.spec.SecretKeySpec signingKey = new javax.crypto.spec.SecretKeySpec(machinekey.getBytes(), "HmacSHA1"); javax.crypto.Mac mac = javax.crypto.Mac.getInstance("HmacSHA1"); mac.init(signingKey); String hash = java.util.Base64.getUrlEncoder().encodeToString(mac.doFinal(data.getBytes())); return String.format("ASC %1$s:%2$s:%3$s", pkey, time, hash); }