Admitad Developers
Admitad DevelopersKnowledge BaseFor PublishersAuth Description
Knowledge Base
For Publishers Auth Description API Parameters Publisher API Methods Client Libraries For Advertisers Auth Description Parameters of Request Advertiser API Methods Client libraries

Description of signed_request line

The signed_request string is a joint signature with the use of the HMAC SHA256 method for a base64-encoded data string in JSON format, point (.), and the base64-encoded data string itself in JSON format.

Data are signed by the secret key of your application known to Admitad only. The signature helps you to get sure that the request was sent by Admitad. It is impossible to falsify signed_request line without a secret key.

  • The app ``secret key`` is available for the authorized publisher in their account (by clicking the “Show credentials” button).

Example of data transferred to the application:

{

    'username':         'webmaster1',

    'id':               13090,

    'first_name':       'name',

    'last_name':        'surname',

    'algorithm':        'HMAC-SHA256',

    'language':         'ru',

    'access_token':     '087d6cc437',

    'refresh_token':    '7521b7640c',

    'expires_in':       604800

}


Description of data fields:

Name Description
username Login
id User ID
first_name User first name
last_name User last name
algorithm Algorithm used to create data signatures
language User language
access_token User access token
refresh_token Token used to refresh the access token
expires_in User token duration in seconds


Example of Python 2.7 code for encoding data, where client_secret = a0f8a8b241d8b8182a0ddd2e89f5b1:

import hmac

import json

from hashlib import sha256

from base64 import b64encode

data = {

    'username': 'advertiser1',

    'id': 13090,

    'first_name': 'name',

    'last_name': 'surname',

    'algorithm': 'HMAC-SHA256',

    'language': 'ru',

    'access_token': '087d6cc437',

    'refresh_token': '7521b7640c',

    'expires_in': 604800

}

data = b64encode(json.dumps(data))

signature = hmac.new(str(client_secret), msg=data, digestmod=sha256).hexdigest()

signed_request = '%s.%s' % (signature, data)


Example of Python 2.7 code for encoding data:

import hmac

import json

from hashlib import sha256

from base64 import b64decode



def decode_data(signed_request):

    signature, encoded_data = signed_request.split('.', 1)

    data = json.loads(b64decode(encoded_data))

    if data.get('algorithm').upper() != 'HMAC-SHA256':

        return

    expected_signature = hmac.new(

        str(client_secret), msg=encoded_data, digestmod=sha256).hexdigest()

    if signature != expected_signature:

        return

    return data


Example of signed data (the signed_request variable):

d3ddf1100c5e47a466cafe1e0dc8cb40a4f7bc3219744be1e049dd6d7a76450c.eyJ1c2Vybm
FtZSI6ICJhZHZlcnRpc2VyMSIsICJmaXJzdF9uYW1lIjogIm5hbWUiLCAibGFzdF9uYW1lIjogI
nN1cm5hbWUiLCAiYWxnb3JpdGhtIjogIkhNQUMtU0hBMjU2IiwgImxhbmd1YWdlIjogInJ1Iiwg
ImFjY2Vzc190b2tlbiI6ICIwODdkNmNjNDM3IiwgImV4cGlyZXNfaW4iOiA2MDgwMCwgImlkIjo
gMTMwOTAsICJyZWZyZXNoX3Rva2VuIjogIjc1MjFiNzY0MGMifQ==