Authorizing Provisioning API requests

[ 1 Creating the signature using JavaScript ] [ 2 Creating the signature using Python ] [ 3 Creating the signature using Java ] [ 4 Creating the signature using C# ] [ 5 Signature error ]

All Provisioning API requests must be authorized using an HMAC256 signature. The headers required to authorize your requests are:

Header	Description

Header	Description
`x-logtrust-timestamp`	The request timestamp, as an epoch in milliseconds.
`x-logtrust-sign`	The request HMAC signature. The value for `x-logtrust-sign` is the result of encoding the string concatenation of the API key, the body (if any), and the timestamp provided (in this order) with the HMAC256 algorithm, using the common or reseller domain API secret.
`x-logtrust-domain-apikey`	The domain API key (only for common domain requests). Learn more about Devo access keys (API key and API secret) in Security credentials.
`x-logtrust-reseller-apikey`	The reseller API key (only for reseller requests). Contact us to get the API key required for reseller management.

The following is an example of a signature including all the required headers, using cURL:

curl --request POST \
 --url https://api-xx.devo.com/probio/operation \
 --header 'Content-Type: application/json' \
 --header 'cache-control: no-cache' \
 --header 'x-logtrust-reseller-apikey: apikey' \
 --header 'x-logtrust-timestamp: timestamp' \
 --header 'x-logtrust-sign: calculated_signature' \
 --data '{"data": "data"}'

Creating the signature using JavaScript

This requires the CryptoJS library.

var apiKey = 'my-api-key';
var apiSecret = 'my-api-secret';
var timestamp = new Date().getTime(); 
var hmacObject = CryptoJS.HmacSHA256(apiKey + body +  timestamp, apiSecret);
var hmacString = hmacObject.toString(CryptoJS.enc.Hex);

The body value can be null if no body is included.
The timestamp value is the same as the one included in the x-logtrust-timestamp header (an epoch in milliseconds).
The hmacString value is the final signature value to be sent.

Creating the signature using Python

import time
import hmac
import hashlib

api_key = 'my-api-key'
api_secret = 'my-api-secret'
timestamp = str(int(time.time()) * 1000) 

sign = hmac.new(bytes(api_secret, 'utf-8'), bytes(api_key + data + timestamp, 'utf-8'), hashlib.sha256)
sign = sign.hexdigest()

The data value can be null if the request has no content.
The timestamp value generates a timestamp in milliseconds, as required by the x-logtrust-timestamp header.

Creating the signature using Java

This requires the javax.crypto library.

Creating the signature using C#

Signature error

If the signature is not properly configured, the response will include the following error:

If you get this error, check that your request includes all the necessary headers, that you are not trying to access a reseller endpoint with domain credentials (or vice versa), and that all the specified values are correct.