How to sign a request
All requests to Flipsnack API must contain an API key provided by us along with the signature of the request. This signature is calculated using an API Secret Key which we provide along with the API key. The signature proves that you are the owner of the account making the requests.
Note: These keys are secret and they should not be disclosed or shared with anyone else. Flipsnack does know your API key and secret key and no one who legitimately represents Flipsnack will ask for these keys.
Signing a Flipsnack API request is a easy:
- Sort the request parameters alphabetically, but exclude the signature parameter (e.g action=3, collectionHash=1, apiKey=2 results to action=3, apiKey=2, collectionHash=1).
- Create a string by concatenating the API secret key and request key-value pairs which were ordered alphabetically (e.g. secretKeyaction3apiKey2collectionHash1).
- The signature is the MD5 hash of the previous string.
- Include the signature parameter to the API request (e.g. signature=26e781d3d1751d82ec284acf4a019def).
If the request is incorrectly signed the API will return with the error code "44 - Invalid signature".
We need to get information about the collection identified with the hash fxh4k89. The API key is 45FD-267-7SG7832 and the API secret key is 123ABCDE-456-7890-FGH. In this case the request parameters are:
Next, we concatenate the secret key to the previous list:
The MD5 hash generated for the previous string is 26e781d3d1751d82ec284acf4a019. This hash is finally assigned to the signature parameter. The final request would look like this:
Note: The API key, secret key and collection hash specified above are all fictional and are used for example purposes only.