Signature in the Authorization header is a Base64-encoded HMAC-SHA256 value of signing_string.
- First line: a constant string, licenseSpring
- Second line
- Take all values of designated keys in headers parameter, concatenate them with their value using : (colon and space)
- If there are multiple parameters in headers, concatenate them with a newline (\n)
Signing_string is signed with the key associated with the customer in LicenseSpring platform and algorithm specified in algorithm. After that, the signature is encoded with Base64.
Here's an example of how this works, using the fake sharedKey 'kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja':
- The Date header is: Tue, 07 Jun 2011 20:51:35 GMT
- The Authorization header is: algorithm="hmac-sha256", headers="date", signature="UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=", apikey="here_is_the_api_key"
- The signing string is: licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT
- The final signature, which is a Base64 of the hexadecimal value, comes out as: UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=. This signature is included in the 'Authorization' header as part of the 'signature' parameter.
Generating a signature
Generating full HTTP request headers with SDK Demo keys
Full sample code for checking a license key with SDK Demo keys