website logo
⌘K
Getting Started
Introduction
Basic Concepts
Opening an Account
Creating & Configuring Products
Integrating SDK and Configuring License Fulfillment
Activate a Key-Based License
Vendor Platform
Issuing New Licenses
License Detail View
Order Detail View
Customer Detail View
Metadata
Analytics
Settings
Product Configuration
Product Features
Product Custom Fields
Product Versioning
License Policies
Product Bundles
License Entitlements
License Types
Activations & Device Transfers
Features
Custom Fields
License Start Date
License Note
Maintenance Period
Trial Licenses
Floating Licenses
License Activation Types
Portals
End-User Portal
Offline Portal
Air-Gapped Portal
License API
License API Authorization
License Activation/Deactivation
License Check
Consumption
Floating
Trial Key
Product Details
Device Variables
Changing Password
Management API
Making API Requests
Management API Authorization
Customer
Product
Order
License
Device
Analytics
SDKs
Tutorials
.NET/C# SDK
.NET/C# Management SDK
C++ SDK
Java SDK
Python SDK
Go SDK
Delphi SDK
Swift/Objective-C SDK
Android SDK
Unity SDK
Errors and Response Codes
Floating Server
API Reference
Deployment
Configuration
Floating Server UI
Securing the Server
Whitelabeling
FAQ
Floating Server Changelog
Integrations
Salesforce
FastSpring
Stripe
Shopify
Common Scenarios
Single Sign On (SSO)
Glossary
General
SDK Glossary
Vendor Platform
Product Configuration Glossary
License Configuration
Postman Collections
Frequently Asked Questions
Changelog
License API changelog
Platform changelog
Docs powered by
Archbee
License API
License API Authorization

Signature

5min

Signature in the Authorization header is a Base64-encoded HMAC-SHA256 value of signing_string.

  • First line: a constant string, licenseSpring
  • Second line
    • Take all values of designated keys in headers parameter, concatenate them with their value using : (colon and space)
    • If there are multiple parameters in headers, concatenate them with a newline (\n)

Signing_string is signed with the key associated with the customer in LicenseSpring platform and algorithm specified in algorithm. After that, the signature is encoded with Base64.

Example of Signature

Here's an example of how this works, using the fake sharedKey 'kw4qSnpSwXzgiv5yxYpZZmFEd9QAeiKTQ6OuyMja':

  • The Date header is: Tue, 07 Jun 2011 20:51:35 GMT
  • The Authorization header is: algorithm="hmac-sha256", headers="date", signature="UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=", apikey="here_is_the_api_key"
  • The signing string is: licenseSpring\ndate: Tue, 07 Jun 2011 20:51:35 GMT
  • The final signature, which is a Base64 of the hexadecimal value, comes out as: UDysfR6MndUZReo07Y9r+vErn8vSxrnQ5ulit18iJ/Q=. This signature is included in the 'Authorization' header as part of the 'signature' parameter.

Sample Code

Generating a signature

JS
Python
|
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generate headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)


Generating full HTTP request headers with SDK Demo keys

JS
Python
|
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generating headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

headers = {
  'Date': date_header,
  'Authorization': auth_header
}


Full sample code for checking a license key with SDK Demo keys

JS
Python
|
import base64
import hashlib
import hmac
import time
from wsgiref.handlers import format_date_time

import requests

API_URL = 'https://api.licensespring.com'

# Can be found in `Account Settings` -> `Settings` -> `Keys`
shared_key = '_your_shared_key_goes_here_'
uuid = '_your_uuid_key_goes_here_'

def sign(secret_key, datestamp):
    msg = 'licenseSpring\ndate: %s' % datestamp
    hashed = hmac.new(bytes(secret_key, 'utf-8'), msg.encode('utf-8'), hashlib.sha256).digest()
    return base64.b64encode(hashed).decode()

# Generate headers
date_header = format_date_time(time.time())

signing_key = sign(shared_key, date_header)

auth_header = ','.join([
    'algorithm="hmac-sha256"',
    'headers="date"',
    'signature="%s"' % signing_key,
    'apiKey="%s"' % uuid
])

# Send request
product_short_code = '_your_product_short_code_goes_here_'
hardware_id = '_your_hardware_id_goes_here_'
license_key = '_your_license_key_goes_here_'

response = requests.get(
    url='{}{}'.format(API_URL, '/api/v4/check_license/'),
    params={'product': product_short_code, 'hardware_id': hardware_id, 'license_key': license_key},
    headers={
        'Date': date_header,
        'Authorization': auth_header,
        'Content-Type': 'application/json'
    }
)

print(response.json())




Updated 21 Sep 2023
Did this page help you?
PREVIOUS
License API Authorization
NEXT
Signature Verification
Docs powered by
Archbee
TABLE OF CONTENTS
Example of Signature
Sample Code
Docs powered by
Archbee