Admitad Developers
Admitad DevelopersKnowledge BaseFor AdvertisersAuth Description
Knowledge Base
For Publishers Auth Description API Parameters Publisher API Methods Client Libraries For Advertisers Auth Description Parameters of Request Advertiser API Methods Client libraries

Description of signed_request line

The signed_request string is a joint signature with the use of the HMAC SHA256 method for a base64-encoded data string in JSON format, point (.), and the base64-encoded data string itself in JSON format.

Data are signed by the secret key of your application known to Admitad only. The signature helps you to get sure that the request was sent by Admitad. It is impossible to falsify signed_request line without a secret key.

  • The app ``secret key` is available for the` authorized advertiser in their personal account (by clicking the "Show credentials" button).

Example of data transferred to the application:

{

    'username':         'advertiser1',

    'id':               13090,

    'first_name':       'name',

    'last_name':        'surname',

    'algorithm':        'HMAC-SHA256',

    'language':         'ru',

    'access_token':     '087d6cc437',

    'refresh_token':    '7521b7640c',

    'expires_in':       604800

}

Description of data fields:

Name Description
username Login
id User ID
first_name User first name
last_name User last name
algorithm Algorithm used to create data signatures
language User language
access_token User access token
refresh_token Token used to refresh the access token
expires_in User token duration in seconds

Below is an example of Python 2.7 code for encoding data, where client_secret = a0f8a8b241d8b8182a0ddd2e89f5b1:

import hmac

import json

from hashlib import sha256

from base64 import b64encode

data = {

    'username': 'advertiser1',

    'id': 13090,

    'first_name': 'name',

    'last_name': 'surname',

    'algorithm': 'HMAC-SHA256',

    'language': 'ru',

    'access_token': '087d6cc437',

    'refresh_token': '7521b7640c',

    'expires_in': 604800

}

data = b64encode(json.dumps(data))

signature = hmac.new(str(client_secret), msg=data, digestmod=sha256).hexdigest()

signed_request = '%s.%s' % (signature, data)

Below is an example of Python 2.7 code for encoding data:

import hmac

import json

from hashlib import sha256

from base64 import b64decode



def decode_data(signed_request):

    signature, encoded_data = signed_request.split('.', 1)

    data = json.loads(b64decode(encoded_data))

    if data.get('algorithm').upper() != 'HMAC-SHA256':

        return

    expected_signature = hmac.new(

        str(client_secret), msg=encoded_data, digestmod=sha256).hexdigest()

    if signature != expected_signature:

        return

    return data

Below is an example of signed data (the signed_request variable):

d3ddf1100c5e47a466cafe1e0dc8cb40a4f7bc3219744be1e049dd6d7a76450c.ey
J1c2VybmFtZSI6ICJhZHZlcnRpc2VyMSIsICJmaXJzdF9uYW1lIjogIm5hbWUiLCAibGFzdF9
uYW1lIjogInN1cm5hbWUiLCAiYWxnb3JpdGhtIjogIkhNQUMtU0hBMjU2IiwgImxhbmd1YWdlIjog
InJ1IiwgImFjY2Vzc190b2tlbiI6ICIwODdkNmNjNDM3IiwgImV4cGlyZXNfaW4iOiA2MDgwMCwgImlkI
jogMTMwOTAsICJyZWZyZXNoX3Rva2VuIjogIjc1MjFiNzY0MGMifQ==