Description of the signed_request string

The signed_request string is the concatenation of three parts: the HMAC-SHA256 signature of the base64-encoded JSON data string, a period (.), and the base64-encoded JSON data string itself.
The data is signed with your application's secret key, which is known only to your application and Admitad. The signature lets you make sure that the request was sent by Admitad. A signed_request string cannot be forged without the secret key.
  • the secret key of the application is available to the logged-in publisher on the developers' homepage (after clicking the “Get keys” button).

Example of data transferred to the application:

{
    'username':         'webmaster1',
    'id':               13090,
    'first_name':       'name',
    'last_name':        'surname',
    'algorithm':        'HMAC-SHA256',
    'language':         'ru',
    'access_token':     '087d6cc437',
    'refresh_token':    '7521b7640c',
    'expires_in':       604800
}

Description of data fields:

Name             Description
username         Login
id               User ID
first_name       User first name
last_name        User last name
algorithm        Algorithm used to create data signatures
language         User language
access_token     User access token
refresh_token    Token used to refresh the access token
expires_in       User token duration in seconds

Below is an example of Python 2.7 code for encoding data, where client_secret = a0f8a8b241d8b8182a0ddd2e89f5b1:

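import hmac
import json
from hashlib import sha256
from base64 import b64encode

# Secret key of the application (the example value given above)
client_secret = 'a0f8a8b241d8b8182a0ddd2e89f5b1'

data = {
    'username': 'advertiser1',
    'id': 13090,
    'first_name': 'name',
    'last_name': 'surname',
    'algorithm': 'HMAC-SHA256',
    'language': 'ru',
    'access_token': '087d6cc437',
    'refresh_token': '7521b7640c',
    'expires_in': 604800
}
# Serialize to JSON and base64-encode; the signature covers the encoded string
data = b64encode(json.dumps(data))
signature = hmac.new(str(client_secret), msg=data, digestmod=sha256).hexdigest()
# Final format: <hex signature>.<base64-encoded JSON>
signed_request = '%s.%s' % (signature, data)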

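Below is an example of Python 2.7 code for decoding data:

import hmac
import json
from hashlib import sha256
from base64 import b64decode

# Secret key of the application (the example value given above)
client_secret = 'a0f8a8b241d8b8182a0ddd2e89f5b1'

def decode_data(signed_request):
    # Returns the decoded data, or None if the signature or algorithm is invalid
    signature, encoded_data = str(signed_request).split('.', 1)
    # Verify the signature before parsing the payload
    expected_signature = hmac.new(
        str(client_secret), msg=encoded_data, digestmod=sha256).hexdigest()
    # Constant-time comparison (hmac.compare_digest requires Python 2.7.7+)
    if not hmac.compare_digest(signature, expected_signature):
        return
    data = json.loads(b64decode(encoded_data))
    if str(data.get('algorithm', '')).upper() != 'HMAC-SHA256':
        return
    return data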

Below is an example of signed data (the signed_request variable):

d3ddf1100c5e47a466cafe1e0dc8cb40a4f7bc3219744be1e049dd6d7a76450c.eyJ1c2VybmFtZSI6ICJhZHZlcnRpc2VyMSIsICJmaXJzdF9uYW1lIjogIm5hbWUiLCAibGFzdF9uYW1lIjogInN1cm5hbWUiLCAiYWxnb3JpdGhtIjogIkhNQUMtU0hBMjU2IiwgImxhbmd1YWdlIjogInJ1IiwgImFjY2Vzc190b2tlbiI6ICIwODdkNmNjNDM3IiwgImV4cGlyZXNfaW4iOiA2MDgwMCwgImlkIjogMTMwOTAsICJyZWZyZXNoX3Rva2VuIjogIjc1MjFiNzY0MGMifQ==
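
The signing and verification steps described above, as an added Python 3 example (not Admitad's own code). The names sign_request, verify_request and SAMPLE are assumptions of this example; the secret is the example value from this page. The verifier checks the signature in constant time before any parsing and returns None for malformed or tampered input.

```python
import base64
import binascii
import hashlib
import hmac
import json

# Example secret from this page; a real application loads its own key.
CLIENT_SECRET = "a0f8a8b241d8b8182a0ddd2e89f5b1"


def sign_request(data, secret=CLIENT_SECRET):
    """Build '<hex HMAC-SHA256>.<base64 JSON>' in the format described above."""
    encoded = base64.b64encode(json.dumps(data).encode("utf-8"))
    signature = hmac.new(secret.encode("utf-8"), encoded, hashlib.sha256).hexdigest()
    return "%s.%s" % (signature, encoded.decode("ascii"))


def verify_request(signed_request, secret=CLIENT_SECRET):
    """Return the payload dict, or None if the request is malformed or forged."""
    signature, sep, encoded = signed_request.partition(".")
    if not sep:
        return None
    try:
        raw = encoded.encode("ascii")
        sig_bytes = signature.encode("ascii")
    except UnicodeEncodeError:
        return None
    expected = hmac.new(secret.encode("utf-8"), raw, hashlib.sha256).hexdigest()
    # Check the MAC first, in constant time, so unauthenticated bytes are never parsed.
    if not hmac.compare_digest(sig_bytes, expected.encode("ascii")):
        return None
    try:
        data = json.loads(base64.b64decode(raw, validate=True))
    except (binascii.Error, ValueError):
        return None
    # The verifier always uses HMAC-SHA256; the field is only cross-checked.
    if not isinstance(data, dict) or str(data.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None
    return data


# Constructed sample payload (field values taken from the page's example).
SAMPLE = {"username": "advertiser1", "id": 13090, "algorithm": "HMAC-SHA256",
          "access_token": "087d6cc437", "expires_in": 604800}
```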