| | 104 | |
|---|
| | 105 | == Signing Calls == |
|---|
| | 106 | |
|---|
| | 107 | All API calls using an Authentication Token '''must''' be signed. In addition, calls to the zooomr.auth.* methods and any/all redirections to the auth page on Zooomr must also be signed. |
|---|
| | 108 | |
|---|
| | 109 | The Signing Algorithm is as follows: |
|---|
| | 110 | |
|---|
| | 111 | * Sort your argument list into alphabetical order based on the parameter key (e.g. ''foo=1, bar=2, baz=3'' '''sorts to''' ''bar=2, baz=3, foo=1'') |
|---|
| | 112 | * Concatenate the Shared Secret and argument key-value pairs (e.g. SECRETbar2baz3foo1) |
|---|
| | 113 | * Calculate the md5() hash value of this string as a hexidecimal string |
|---|
| | 114 | * Append the hash value to the argument list with the name api_sig (e.g. api_sig=d25100ff30af7ad87f5da8a509c4b6a5) |
|---|
| | 115 | |
|---|
| | 116 | |
|---|
