Signature Generation

To use the Pandexio Core API, each request must be signed with an HMAC code and include all Pandexio authorization headers or all Pandexio parameters in the query string.

Using Authorization Headers

Requests can be authorized by adding the authorization headers shown below.

HeaderValue
AuthorizationPDX {PUBLIC_KEY}:{REQUEST_SIGNATURE}
X-PDX-Meta-TimestampUTC timestamp.
X-PDX-Meta-Email User email address.
X-PDX-Meta-FullNameUser full name.

The public key is the public key for your application that was created using the App Console.  The request signature is the Base64 encoded request signature described in the signature generation section below.

Example Header Values

AuthorizationPDX 76828617BF24:IQRxyhk1d9w45/9XEAB3RKmlPNs=
X-PDX-Meta-Timestamp2013-03-20T14:15:45Z
X-PDX-Meta-Email jsmith@company.com
X-PDX-Meta-FullNameJohn Smith

Using Query String

Requests can also be authorized by adding URL encoded query string values to the request URL as shown below.  

Parameter NameValue
PdxPublicKey{PUBLIC_KEY}
PdxRequestSignature{REQUEST_SIGNATURE}
PdxTimestampUTC Timestamp.
PdxEmailUser email address.
PdxFullNameUser full name.

The public key is the public key for your application that was created using the App Console.  The request signature is the Base64 encoded request signature described in the signature generation section below.

Example Query String

PdxPublicKey=12345&PdxRequestSignature=76828617BF24%3aIQRxyhk1d9w45%2f9XEAB3RKmlPNs%3d&PdxTimestamp=2013-03-20T14%3a15%3a45Z&PdxEmail=jsmith%40company.com&PdxFullName=John%20Smith

 

Signature Generation

To create the request signature, generate the SHA1 hash code of the ASCII encoded signing string, using the ASCII encoded private key as SHA1 key.

Pseudo Code

string GenerateSignature(string stringToSign, string privateKey)
{
    var encodedSringToSign = ASCII_Encode(stringToSign);
    var encodedPrivateKey = ASCII_Encode(privateKey);
    var signature = SHA1_Hash(encodedSringToSign, encodedPrivateKey);
    return signature;
}

Signing String Creation

To build the signing string used in the code sample above, concatenate the lowercase UTC server time in web format, the lowercase user email address, and the lowercase user full name using '|' as a delimiter between each field.

Pseudo Code

string BuildStringToSign()
{
    var stringToSign = lowercaseUTCTimestamp + '|' +
                       lowercaseUserEmail + '|' +
                       lowercaseUserFullName;

    return stringToSign;
}

Example Signing String

2013-03-20t14:15:45z|jsmith@company.com|john smith