MOR API hash construction

From Kolmisoft Wiki
Jump to navigationJump to search

Description

In MOR API methods we use hash parameter for better security.



Generate hash

How to construct hash to authenticate data over API

  • Concatenate all values you want to send into a single string. During hash generation you can order params the way you want, but NOTICE that order in request line should be as params was listed when hash was constructed .

For example. You want to get all answered calls of user 123 from 2009-09-09 00:03 till now. You must send user_id, period_start and calltype params.

>> time = "2009-09-09 00:03".to_time.to_i
=> "1252454580"
>> hash_string = "123" + time.to_s + "answered"  
=> "1231252454580answered"

  • Add API_Secret_Key to the end of hash_string

>> API_Secret_Key = "Very Sercet Key"
>> hash_string += API_Secret_Key
=> "1231252454580answeredVery Sercet Key"

  • Calculate SHA1 hash of hash_string

>> Digest::SHA1.hexdigest(hash_string) 
=> "b93c35d5c6183288322122561a3da7e09abb63b7"

  • Use this hash as a hash parameter in API calls.



NOTE that all allowed params are put down in documentation of MOR API methods

Examples

Example of User Update Api hash string:

581asdfghjkl

  • 581 - is user ID
  • asdfghjkl - is API key

Such string should be used to generate SHA1 hash.



Hash check

This functionality is only available for administrator. Go to SETTINGS -> Setup -> Generate hash. Let's assume that API secret key is set to MORMOR. Enter uri and click Generate:

Generatehash.png

As it is written by the information icon, parameters are shown in the same order as they were when generating hash.

See also