Ir al contenido principal
Todas las coleccionesAPI developer's guideVERSION 2
Authentication in ForceManager API
Authentication in ForceManager API
Training avatar
Escrito por Training
Actualizado hace más de un año

FM RESTful API authentication is performed using:

  • An API Public Key that will be sent on the header of the request. It will be transferred in plain format.

  • A Unix Timestamp value set on the request header for the current time in UTC+1.

  • A message signature, which will include the API Private Key (this key will never travel on the communication in plain text). The signature should be a SHA1 hash calculated concatenating the Unix Timestamp, the public key and the private key.

Message Signature = sha1(UnixTimestamp+APIPublicKey+APIPrivateKey)

This is the list of the authentication headers:

Header

Description

X-FM-PublicKey

FM API Public key

X-FM-UnixTimestamp

Unix timestamp (also known as Epoch/Posix time) in UTC time zone

X-FM-Signature

The message hash/signature

To configure these values, you should set the custom HTTP headers on the request. For example, with cURL, the –H parameter is used to set headers on the request (the API keys shown in this example are just used as an example):

curl -H "X-FM-PublicKey: asdkjhadil37lasbmghgsjvsd" -H "X-FM-UnixTimestamp: 1410507373" -H "X-FM-Signature: jmfkdf74ikbs7ced586143aac59207a50mghgsjvsd" …

Important: The FM API implements a Pre-Shared key procedure for authentication. This means that the API Private Key, should never go on the request in plain mode and you must ensure that only authorized processes/persons have access to this key.

¿Ha quedado contestada tu pregunta?