Document toolboxDocument toolbox

Authorizing Provisioning API requests

All Provisioning API requests must be authorized using an HMAC256 signature. The headers required to authorize your requests are:

Header

Description

Header

Description

x-logtrust-timestamp

The request timestamp, as an epoch in milliseconds.

x-logtrust-sign

The request HMAC signature. The value for x-logtrust-sign is the result of encoding the string concatenation of the API key, the body (if any), and the timestamp provided (in this order) with the HMAC256 algorithm, using the common or multitenant domain API secret.

x-logtrust-domain-apikey

The domain API key (only for common domain requests). Learn more about Devo access keys (API key and API secret) in Security credentials.

x-logtrust-reseller-apikey

The multitenant API key (only for multitenant requests). Contact us to get the API key required for multitenant management.

The following is an example of a signature including all the required headers, using cURL:

curl --request POST \ --url https://api-xx.devo.com/probio/operation \ --header 'Content-Type: application/json' \ --header 'cache-control: no-cache' \ --header 'x-logtrust-reseller-apikey: apikey' \ --header 'x-logtrust-timestamp: timestamp' \ --header 'x-logtrust-sign: calculated_signature' \ --data '{"data": "data"}'

Creating the signature using JavaScript

This requires the CryptoJS library.

var apiKey = 'my-api-key'; var apiSecret = 'my-api-secret'; var timestamp = new Date().getTime(); var hmacObject = CryptoJS.HmacSHA256(apiKey + body + timestamp, apiSecret); var hmacString = hmacObject.toString(CryptoJS.enc.Hex);
  • The body value can be null if no body is included.

  • The timestamp value is the same as the one included in the x-logtrust-timestamp header (an epoch in milliseconds).

  • The hmacString value is the final signature value to be sent.

Creating the signature using Python

import time import hmac import hashlib api_key = 'my-api-key' api_secret = 'my-api-secret' timestamp = str(int(time.time()) * 1000) sign = hmac.new(bytes(api_secret, 'utf-8'), bytes(api_key + data + timestamp, 'utf-8'), hashlib.sha256) sign = sign.hexdigest()
  • The data value can be null if the request has no content.

  • The timestamp value generates a timestamp in milliseconds, as required by the x-logtrust-timestamp header.

Creating the signature using Java

This requires the javax.crypto library.

Creating the signature using C#

Signature error

If the signature is not properly configured, the response will include the following error:

If you get this error, check that your request includes all the necessary headers, that you are not trying to access a multitenant endpoint with domain credentials (or vice versa), and that all the specified values are correct.