Description of signed_request line¶

The signed_request string is a joint signature with the use of the HMAC SHA256 method for a base64-encoded data string in JSON format, point (.), and the base64-encoded data string itself in JSON format.

Data are signed by the secret key of your application known to Admitad only. The signature helps you to get sure that the request was sent by Admitad. It is impossible to falsify signed_request line without a secret key.

• the secret key of the application is available for the logged in publisher at the homepage for developers (when the “Get keys” button is clicked).

Example of data transferred to the application:

{
    'username':         'webmaster1',
    'id':               13090,
    'first_name':       'name',
    'last_name':        'surname',
    'algorithm':        'HMAC-SHA256',
    'language':         'ru',
    'access_token':     '087d6cc437',
    'refresh_token':    '7521b7640c',
    'expires_in':       604800
}

Description of data fields:

Name	Description
username	Login
id	User ID
first_name	User first name
last_name	User last name
algorithm	Algorithm used to create data signatures
language	User language
access_token	User access token
refresh_token	Token used to refresh the access token
expires_in	User token duration in seconds

Below is an example of Python 2.7 code for encoding data, where client_secret = a0f8a8b241d8b8182a0ddd2e89f5b1:

import hmac
import json
from hashlib import sha256
from base64 import b64encode
data = {
    'username': 'advertiser1',
    'id': 13090,
    'first_name': 'name',
    'last_name': 'surname',
    'algorithm': 'HMAC-SHA256',
    'language': 'ru',
    'access_token': '087d6cc437',
    'refresh_token': '7521b7640c',
    'expires_in': 604800
}
data = b64encode(json.dumps(data))
signature = hmac.new(str(client_secret), msg=data, digestmod=sha256).hexdigest()
signed_request = '%s.%s' % (signature, data)

Below is an example of Python 2.7 code for encoding data:

import hmac
import json
from hashlib import sha256
from base64 import b64decode

def decode_data(signed_request):
    signature, encoded_data = signed_request.split('.', 1)
    data = json.loads(b64decode(encoded_data))
    if data.get('algorithm').upper() != 'HMAC-SHA256':
        return
    expected_signature = hmac.new(
        str(client_secret), msg=encoded_data, digestmod=sha256).hexdigest()
    if signature != expected_signature:
        return
    return data

Below is an example of signed data (the signed_request variable):

d3ddf1100c5e47a466cafe1e0dc8cb40a4f7bc3219744be1e049dd6d7a76450c.eyJ1c2VybmFtZSI6ICJhZHZlcnRpc2VyMSIsICJmaXJzdF9uYW1lIjogIm5hbWUiLCAibGFzdF9uYW1lIjogInN1cm5hbWUiLCAiYWxnb3JpdGhtIjogIkhNQUMtU0hBMjU2IiwgImxhbmd1YWdlIjogInJ1IiwgImFjY2Vzc190b2tlbiI6ICIwODdkNmNjNDM3IiwgImV4cGlyZXNfaW4iOiA2MDgwMCwgImlkIjogMTMwOTAsICJyZWZyZXNoX3Rva2VuIjogIjc1MjFiNzY0MGMifQ==