To authenticate a user, we use HMAC (Keyed-Hash Message Authentication Code).
Usage is simple: we accept the headers x-date and x-authorization. They are built as follows:
| Header | Example value |
| --- | --- |
| x-date | 2014-02-20 19:44:49.000000 GMT+0000 |
| x-authorization | demo:bBeE4SjprMssRFxikvKBhCO66lg= |
The x-authorization value is split by a colon into the username and the Base64-encoded HMAC-SHA1 computed over md5(password) and the date, keyed with md5(password).
Example: 2014-03-15 11:45:53.000000 GMT+0000, to double-check the server data.
Example to see the correct HTTP header for x-date and x-authorization.
Here is a simple PHP code example:
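```php
<?php
// $url, $username and $password must be set before this point.

// Current time in the format the server expects, e.g. 2014-02-20 19:44:49.000000 GMT+0000
$xDate = new DateTime('@' . time());
$xDate = $xDate->format('Y-m-d H:i:s.u T');

$defaults = array(
    CURLOPT_HEADER => 0,
    CURLOPT_URL => $url,
    CURLOPT_FRESH_CONNECT => 1,
    CURLOPT_RETURNTRANSFER => 1,
    CURLOPT_FORBID_REUSE => 1,
    CURLOPT_HTTPHEADER => array(
        'x-date:' . $xDate,
        // username, a colon, then the Base64-encoded HMAC-SHA1 keyed with md5(password)
        'x-authorization:'
            . $username . ':'
            . base64_encode(hash_hmac('sha1', md5($password)
                . "\\n"
                . $xDate, md5($password), true))
    ),
);

$ch = curl_init();
curl_setopt_array($ch, $defaults);
$result = curl_exec($ch);
```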
Request headers:

```
Connection: keep-alive
x-date: 2014-02-20 19:44:49.000000 GMT+0000
x-authorization: demo:bBeE4SjprMssRFxikvKBhCO66lg=
Host: ida.nexxtra.de
```
Every request is valid for 180 seconds. Afterwards you will receive an error (1011 -> Wrong x-date Too Old.).
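A server-side counterpart to the client code and the 180-second rule above, as an added example that is not the service's own code: it checks the x-date window, recomputes the MAC and compares it in constant time. The function name, the user-store array, the strict GMT+0000 parsing and the handling of dates in the future are assumptions.

```php
<?php
// Added example, not the service's own code; all names below are hypothetical.
const MAX_AGE_SECONDS = 180;  // validity window stated on the page
const SEPARATOR = "\\n";      // copied verbatim from the page's client example

// $md5ByUser: constructed stand-in for the user store (username => md5(password)).
function verifyRequest(string $xDate, string $xAuth, array $md5ByUser, int $now): string
{
    // Accept only the exact shape the page's client produces.
    if (!preg_match('/^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6}) GMT\+0000$/D', $xDate, $m)) {
        return 'malformed x-date';
    }
    $sent = DateTime::createFromFormat('Y-m-d H:i:s.u', $m[1], new DateTimeZone('UTC'));
    if ($sent === false) {
        return 'malformed x-date';
    }
    $age = $now - $sent->getTimestamp();
    if ($age > MAX_AGE_SECONDS) {
        return '1011 Wrong x-date Too Old';  // error named on the page
    }
    if ($age < -MAX_AGE_SECONDS) {
        return 'x-date in the future';       // assumption: same tolerance for clock skew
    }
    // Split at the first colon only; Base64 output never contains ':'.
    $parts = explode(':', $xAuth, 2);
    if (count($parts) !== 2 || !isset($md5ByUser[$parts[0]])) {
        return 'authentication failed';
    }
    [$username, $mac] = $parts;
    $key = $md5ByUser[$username];
    $expected = base64_encode(hash_hmac('sha1', $key . SEPARATOR . $xDate, $key, true));
    // hash_equals compares in constant time, so response timing does not reveal a partial match.
    return hash_equals($expected, $mac) ? 'ok' : 'authentication failed';
}

// Constructed sample: user "demo" with a made-up password, request dated 10 s before $now.
$users = ['demo' => md5('example-password')];
$now   = 1392925499;
$date  = gmdate('Y-m-d H:i:s', $now - 10) . '.000000 GMT+0000';
$key   = $users['demo'];
$auth  = 'demo:' . base64_encode(hash_hmac('sha1', $key . SEPARATOR . $date, $key, true));

echo verifyRequest($date, $auth, $users, $now), PHP_EOL;        // fresh request
echo verifyRequest($date, $auth, $users, $now + 200), PHP_EOL;  // same headers after the window
echo verifyRequest($date, 'demo:AAAA', $users, $now), PHP_EOL;  // wrong MAC
```

The signed string contains only md5(password) and the date, so the check authenticates the caller for the 180-second window but does not cover the request path or body.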
Attention:
To test your results step by step, check out this debug tool.
Debugger: x-authorization-debug