Authentication‎ > ‎

Application Authentication

Every API call must be signed /except binary file upload/ to guarantee that it has been performed by the application which claims to have sent it.

Example

This is an example of a signed API call:

http://www.bluemelon.com/api/rest/5fa23538b2ab1de28ccf52e21b257e1e/?method=bluemelon.categories.get&categoryid=0&token=S7QysqoutjIytFIqyChwTCmOT8rJT852

Api signature is the 32-character string '5fa23538b2ab1de28ccf52e21b257e1e' which is a part of URL.

Algorithm

This is how api signature is constructed

1. Signature is a 32 character lowercase string calculated by MD5 from BASE STRING.

2. BASE STRING is construsted as follows:

API_PRIVATE_KEY?method=....

using example above, BASE STRING will be

API_PRIVATE_KEY?method=bluemelon.categories.get&categoryid=0&token=S7QysqoutjIytFIqyChwTCmOT8rJT852

3. API_PRIVATE_KEY is the private key of your application know only to you. This private key must be hardcoded in your application and should not be easily readable from your application. By compromising your private key, your application might be disabled by our system administrator and all installations will stop working immediatelly.

PublicKey

to request a public key please contact us.
Comments