Authentication

An http header is required to pass the authentication when performing the API request. The authentication requires the token to be used in the Authorization header of the http request.

Authentication Token is a string sequence in the following format: "ASC pkey:datetime:hash", where

  • pkey - random string,
  • datetime - current UTC date and time in the "yyyyMMddHHmmss" format,
  • hash - hash value for the string in "datetime\npkey" format.

The hash value is calculated using the HMAC-SHA1 function with the key from the core.machinekey value of the Hosted Solution site appSettings configuration.

Please note, that the token is valid for 5 minutes only, starting with the datetime.

Example Authentication Token will look like this: "ASC abc:20100707140603:E7lwEXOplYS-0lbnV1XQnDSbi3w"

.Net(C#) generating token example
public string CreateAuthToken(string pkey, string machinekey)
{
    using (var hasher = new System.Security.Cryptography.HMACSHA1(Encoding.UTF8.GetBytes(machinekey)))
    {
        var now = DateTime.UtcNow.ToString("yyyyMMddHHmmss");
        var hash = System.Web.HttpServerUtility.UrlTokenEncode(hasher.ComputeHash(Encoding.UTF8.GetBytes(string.Join("\n", now, pkey))));

        return string.Format("ASC {0}:{1}:{2}", pkey, now, hash);
    }
}
Bash generating token example
CreateAuthToken() {
    pkey="$1";
    machinekey=$(echo -n "$2");
    now=$(date +"%Y%m%d%H%M%S");

    authkey=$(echo -n -e "${now}\n${pkey}" | openssl dgst -sha1 -binary -mac HMAC -macopt key:$machinekey | sed -e 's/^.* //');
    authkey=$(echo -n "${authkey}" | base64);

    echo "ASC ${pkey}:${now}:${authkey}";
}
Node.js generating token example
var moment = require("moment");
var crypto = require("crypto");

var createToken = function (pkey, machinekey) {
    var now = moment.utc().format("YYYYMMDDHHmmss");

    var authkey = crypto.createHmac("sha1", machinekey).update(now + "\n" + pkey).digest("base64");

    authkey = authkey.replace(/\+/g, "-").replace(/\//g, "_");
    authkey = authkey.substr(0, authkey.length - 1);
    var hash = "ASC " + pkey + ":" + now + ":" + authkey;

    return hash;
};
PHP generating token example
function CreateAuthToken($pkey, $machinekey) {
    $now=gmdate('YmdHis');

    $authkey=hash_hmac('sha1', $now."\n".$pkey, $machinekey, true);
    $authkey=base64_encode($authkey);
    $authkey=str_replace(array("+", "/"), array("-", "_"), substr($authkey, 0, -1)).'1';

    return 'ASC '.$pkey.':'.$now.':'.$authkey;
}
PowerShell generating token example
function CreateAuthToken([string]$pkey, [string]$machinekey){
    $hmacsha = New-Object System.Security.Cryptography.HMACSHA1
    $hmacsha.Key = [System.Text.Encoding]::UTF8.GetBytes($machinekey)

    [string]$now=(Get-Date -format "yyyyMMddHHmmss")
    [string]$hash = [System.Convert]::ToBase64String([byte[]]$hmacsha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($now + "`n" + $pkey)))
   
    $hash = $hash.Replace('+', '-')
    $hash = $hash.Replace('/', '_')

    return "ASC {0}:{1}:{2}" -f $pkey, $now, $hash
}
Ruby generating token example
def create_auth_token(pkey, machine_key)
    now = Time.now.strftime('%Y%m%d%H%M%S')
    hash = Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', machine_key, [now, pkey].join("\n")))
    "ASC #{pkey}:#{now}:#{hash.tr('+', '-').tr('/', '_').chop}"
end