Authentication
The app authentication is done by checking the request headers. A registered app must know its authentication values because it has the necessary data to generate the authentication key.
Once an app is created with a given name, the API returns the creation information with two new params (an app identification and a secret). When an agent wants to use the API it must send its authentication values in order to verify that it can use the system.
The authentication params must go via the request headers:
- In a header named X-App-Id it should be stored the app id received from the creation of the app.
- In a header named X-App-Auth it should be stored the app authentication generated.
The algorithm that generates the authentication key is a result of an MD5 encoding, it must be a string of the name of the app followed by the current date ('Y-m-d') and followed by the secret of the app (obtained when the app is created):
<?php
$authToken = md5("$app_name" + date("Y-m-d") + "$app_secret")
Updated less than a minute ago