Request Signature

overview requests sent to the server have to be digitally signed for purposes of authentication the signature uses the date header anxd signing algorithm used in license api authorization docid 4pkampctibgtummvtwcy3 signature structure the signature in the authorization header is a base64 encoded hmac hashed value of the signing string, which is composed of a constant string licensespring a newline character \n the value of the date header being sent in the request (see license api authorization docid 4pkampctibgtummvtwcy3 for more details) this is a date string in rfc7231 format this signing string is then hashed with the customer's key (shared key) using the algorithm provided in the authorization header (e g hmac sha256 ) the resulting hash is then encoded in base64 make sure the encoded string has no extra whitespace on any line, otherwise the base64 encoded value will be incorrect example of signature generation the following is an example of how to generate a signature first, let's assume the following values your company's shared key is kw4qsnpswxzgiv5yxypzzmfed9qaeiktq6ouymja the date header you set in the request is tue, 07 jun 2011 20 51 35 gmt we'll use the default hashing algorithm, hmac sha256 now we can generate the signature 1\ create the signing string licensespring date tue, 07 jun 2011 20 51 35 gmt 2\ hash the signing string using hmac sha256 3\ encode the hashed value with base64 udysfr6mnduzreo07y9r+vern8vsxrnq5ulit18ij/q= the resulting string is then inserted into the authorization header as the "signature" parameter algorithm="hmac sha256", headers="date", signature="udysfr6mnduzreo07y9r+vern8vsxrnq5ulit18ij/q=", apikey=" company api key here " sample code generating a signature const crypto = require('node\ crypto'), shared key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', signing string = 'licensespring\ndate tue, 07 jun 2011 20 51 35 gmt'; let signature = crypto createhmac('sha256', shared key) update(signing string) digest('base64'); console log(signature); // udysfr6mnduzreo07y9r+vern8vsxrnq5ulit18ij/q=import base64 import hashlib import hmac import time from wsgiref handlers import format date time \# can be found in `account settings` > `settings` > `keys` shared key = ' your shared key goes here ' def sign(secret key, datestamp) msg = 'licensespring\ndate %s' % datestamp hashed = hmac new(bytes(secret key, 'utf 8'), msg encode('utf 8'), hashlib sha256) digest() return base64 b64encode(hashed) decode() \# generate headers date header = format date time(time time()) signing key = sign(shared key, date header) generating full http request headers with sdk demo keys const fetch = require('node fetch'); const sharedkey = 'xxxxxxxxx xxxxx xxxxxxxxxxxxx xxxxxx xxxxxx', apikey = 'xxxxxxxx xxxx xxxx xxxx xxxxxxxxxxxx', productcode = "xx", baseurl = 'https //api licensespring com/api/v4/webhook'; function generateheaders(){ const signingdate = (new date()) toutcstring(), signingstring = `licensespring\ndate ${signingdate}`; const signature = crypto createhmac('sha256', sharedkey) update(signingstring) digest('base64'); return { 'content type' 'application/json', 'date' signingdate, 'authorization' `algorithm="hmac sha256",headers="date",signature="${signature}",apikey="${apikey}"`, }; }import base64 import hashlib import hmac import time from wsgiref handlers import format date time \# can be found in `account settings` > `settings` > `keys` shared key = ' your shared key goes here ' uuid = ' your uuid key goes here ' def sign(secret key, datestamp) msg = 'licensespring\ndate %s' % datestamp hashed = hmac new(bytes(secret key, 'utf 8'), msg encode('utf 8'), hashlib sha256) digest() return base64 b64encode(hashed) decode() \# generating headers date header = format date time(time time()) signing key = sign(shared key, date header) auth header = ',' join(\[ 'algorithm="hmac sha256"', 'headers="date"', 'signature="%s"' % signing key, 'apikey="%s"' % uuid ]) headers = { 'date' date header, 'authorization' auth header } full sample code for checking a license key with sdk demo keys const fetch = require('node fetch'); const sharedkey = 'xxxxxxxxx xxxxx xxxxxxxxxxxxx xxxxxx xxxxxx', apikey = 'xxxxxxxx xxxx xxxx xxxx xxxxxxxxxxxx', productcode = "xx", baseurl = 'https //api licensespring com/api/v4'; function generateheaders(){ const signingdate = (new date()) toutcstring(), signingstring = `licensespring\ndate ${signingdate}`; const signature = crypto createhmac('sha256', sharedkey) update(signingstring) digest('base64'); return { 'content type' 'application/json', 'date' signingdate, 'authorization' `algorithm="hmac sha256",headers="date",signature="${signature}",apikey="${apikey}"`, }; } const checklicense = async (hwid, licensekey) => { const headers = generateheaders() const response = await fetch(baseurl + '/check license' + `?product=${productcode}\&hardware id=${hwid}\&license key=${licensekey}`, { method 'get', headers headers }) console log("/license response", await response json()); } checklicense('d32q3ed3rq3rxq2r3q23q23q23', '1111 2222 3333 4444');import base64 import hashlib import hmac import time from wsgiref handlers import format date time import requests api url = 'https //api licensespring com' \# can be found in `account settings` > `settings` > `keys` shared key = ' your shared key goes here ' uuid = ' your uuid key goes here ' def sign(secret key, datestamp) msg = 'licensespring\ndate %s' % datestamp hashed = hmac new(bytes(secret key, 'utf 8'), msg encode('utf 8'), hashlib sha256) digest() return base64 b64encode(hashed) decode() \# generate headers date header = format date time(time time()) signing key = sign(shared key, date header) auth header = ',' join(\[ 'algorithm="hmac sha256"', 'headers="date"', 'signature="%s"' % signing key, 'apikey="%s"' % uuid ]) \# send request product short code = ' your product short code goes here ' hardware id = ' your hardware id goes here ' license key = ' your license key goes here ' response = requests get( url='{}{}' format(api url, '/api/v4/check license/'), params={'product' product short code, 'hardware id' hardware id, 'license key' license key}, headers={ 'date' date header, 'authorization' auth header, 'content type' 'application/json' } ) print(response json())