Authorizing Provisioning API requests
- Juan Tomás Alonso Nieto (Unlicensed)
Owned by Juan Tomás Alonso Nieto (Unlicensed)
All Provisioning API requests must be authorized using an HMAC256 signature. The headers required to authorize your requests are:
| Header | Description |
|---|---|
x-logtrust-timestamp | The request timestamp, as an epoch in milliseconds. |
x-logtrust-sign | The request HMAC signature. The value for x-logtrust-sign is the result of encoding the string concatenation of the API key, the body (if any), and the timestamp provided (in this order) with the HMAC256 algorithm, using the common or reseller domain API secret. |
x-logtrust-domain-apikey | The domain API key (only for common domain requests). Learn more about Devo access keys (API key and API secret) in Security credentials. |
x-logtrust-reseller-apikey | The reseller API key (only for reseller requests). Contact us to get the API key required for reseller management. |
The following is an example of a signature including all the required headers, using cURL:
curl --request POST \
--url https://api-xx.devo.com/probio/operation \
--header 'Content-Type: application/json' \
--header 'cache-control: no-cache' \
--header 'x-logtrust-reseller-apikey: apikey' \
--header 'x-logtrust-timestamp: timestamp' \
--header 'x-logtrust-sign: calculated_signature' \
--data '{"data": "data"}'
Creating the signature using JavaScript
This requires the CryptoJS library.
createSignature.js
var apiKey = 'my-api-key';
var apiSecret = 'my-api-secret';
var body = '{"data":true}';
var timestamp = new Date().getTime();
var hmacObject = CryptoJS.HmacSHA256(apiKey + body + timestamp, apiSecret);
var hmacString = hmacObject.toString(CryptoJS.enc.Hex);
- The
bodyvalue can benullif nobody is included. - The
timestampvalue is the same as the one included in thex-logtrust-timestampheader (an epoch in milliseconds). - The
hmacStringvalue is the final signature value to be sent.
Creating the signature using Python
import time
import hmac
import hashlib
api_key = 'my-api-key'
api_secret = 'my-api-secret'
data = '{"data":true}'
timestamp = str(int(time.time()) * 1000)
sign = hmac.new(api_secret, (api_key + data + timestamp), hashlib.sha256)
sign = sign.hexdigest()
- The
datavalue can benullif the request has no content. - The
timestampvalue generates a timestamp in milliseconds, as required by thex-logtrust-timestampheader.
Creating the signature using Java
This requires the javax.crypto library.
CreateSignature.java
public String getSignature(String apiKey, String secret, String ts, String body) {
String src = body != null ? apiKey + body + ts : apiKey + ts;
Mac sha256HMAC = Mac.getInstance("HmacSHA256");
SecretKeySpec secretKey = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
sha256HMAC.init(secretKey);
return Hex.encodeHexString(sha256HMAC.doFinal(src.getBytes()));
}
Creating the signature using C#
using System.Security.Cryptography;
using System.Text;
namespace Devo
{
class Program
{
public void getSignature()
{
String key = "my-api-key";
String secret = "my-api-secret";
String body = "";
// HMAC-SHA256 signature
String unixTimestamp = (DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalMilliseconds.ToString();
unixTimestamp = unixTimestamp.Substring(0, unixTimestamp.IndexOf("."));
String data = key + body + unixTimestamp;
byte[] byteArrayData = Encoding.UTF8.GetBytes(data);
byte[] byteArraySecret = Encoding.UTF8.GetBytes(secret);
var hash = new HMACSHA256(byteArraySecret);
byte[] byteSigned = hash.ComputeHash(byteArrayData);
var hexString = BitConverter.ToString(byteSigned);
String sign = hexString.Replace("-", "").ToLower();
}
public static void Main(string[] args)
{
Program p = new Program();
p.getSignature();
}
}
}
Signature error
If the signature is not properly configured, the response will include the following error:
{
"error": {
"code": 12,
"message": "Invalid signature validation"
}
}
If you get this error, check that your request includes all the necessary headers, that you are not trying to access a reseller endpoint with domain credentials (or vice versa), and that all the specified values are correct.