Description of signed_request
line¶
The signed_request string is a joint signature with the use of the HMAC SHA256 method for a base64-encoded data string in JSON format, point (.), and the base64-encoded data string itself in JSON format.Data are signed by thesecret key
of your application known to Admitad only. The signature helps you to get sure that the request was sent by Admitad. It is impossible to falsifysigned_request
line without a secret key.
the secret key
of the application is available for the logged in publisher at the homepage for developers (when the “Get keys” button is clicked).Example of data transferred to the application:
{ 'username': 'webmaster1', 'id': 13090, 'first_name': 'name', 'last_name': 'surname', 'algorithm': 'HMAC-SHA256', 'language': 'ru', 'access_token': '087d6cc437', 'refresh_token': '7521b7640c', 'expires_in': 604800 }Description of data fields:
Name
Description
username Login
id User ID
first_name User first name
last_name User last name
algorithm Algorithm used to create data signatures
language User language
access_token User access token
refresh_token Token used to refresh the access token
expires_in User token duration in seconds
Below is an example of Python 2.7 code for encoding data, where client_secret = a0f8a8b241d8b8182a0ddd2e89f5b1:
import hmac import json from hashlib import sha256 from base64 import b64encode data = { 'username': 'advertiser1', 'id': 13090, 'first_name': 'name', 'last_name': 'surname', 'algorithm': 'HMAC-SHA256', 'language': 'ru', 'access_token': '087d6cc437', 'refresh_token': '7521b7640c', 'expires_in': 604800 } data = b64encode(json.dumps(data)) signature = hmac.new(str(client_secret), msg=data, digestmod=sha256).hexdigest() signed_request = '%s.%s' % (signature, data)Below is an example of Python 2.7 code for encoding data:
import hmac import json from hashlib import sha256 from base64 import b64decode def decode_data(signed_request): signature, encoded_data = signed_request.split('.', 1) data = json.loads(b64decode(encoded_data)) if data.get('algorithm').upper() != 'HMAC-SHA256': return expected_signature = hmac.new( str(client_secret), msg=encoded_data, digestmod=sha256).hexdigest() if signature != expected_signature: return return dataBelow is an example of signed data (the signed_request variable):
d3ddf1100c5e47a466cafe1e0dc8cb40a4f7bc3219744be1e049dd6d7a76450c.eyJ1c2VybmFtZSI6ICJhZHZlcnRpc2VyMSIsICJmaXJzdF9uYW1lIjogIm5hbWUiLCAibGFzdF9uYW1lIjogInN1cm5hbWUiLCAiYWxnb3JpdGhtIjogIkhNQUMtU0hBMjU2IiwgImxhbmd1YWdlIjogInJ1IiwgImFjY2Vzc190b2tlbiI6ICIwODdkNmNjNDM3IiwgImV4cGlyZXNfaW4iOiA2MDgwMCwgImlkIjogMTMwOTAsICJyZWZyZXNoX3Rva2VuIjogIjc1MjFiNzY0MGMifQ==