Request Signing
Request signing
To sign an API request, you must add a signature to your
request. This signature is created by concatenating the query
parameters and your API secret. The query parameters must be
ordered alphabetically and separated by a hash
symbol (#).
You can create a signature in 3 easy steps:
- Order the query parameters alphabetically and
seperate them by a hash (#) symbol.
- Concatenate the result from step 1 with
your API secret.
- Generate a hash from the results of step
2
Example:
For example, given a
sociotoco.profiles.getProfiles
API request:
../rest?method=sociotoco.profiles.getProfiles&key=
<api_key>&f=<first_name>&l
=<last_name>&nid=<network_id>&time=
<unix_timestamp>
Result of step 1:
f=<first_name>#key=<
api_key>#l=<last_name>#method=
sociotoco.profiles.getProfiles#nid=<network_id>#time=<
unix_timestamp>
Result of step 2:
f=<first_name>#key=<api_key>#l=
<last_name>#method=
sociotoco.profiles.getProfiles#nid=<network_id>#time=
<unix_timestamp><api_secret>
This concatenated result must be hashed using MD5,
SHA-1, SHA-256, SHA-384 or SHA-512. You can choose which
hashing method you prefer. The hash must be added to the request as
the sig parameter in hexadecimal form.
Result of step 3:
../rest?method=sociotoco.profiles.getProfiles&key=
<api_key>&f=<first_name>&l=
<last_name>&nid=<network_id>&time=
<unix_timestamp>&sig=
<hash>