This means that some actions, given the nature of their responses, are not available with HEADERS format – as is the case with list operations. While HEADERS format is perfect for conveying data on a single record it is inadequate for large and/or multi-record responses. It’s lighter for both the server and the client because there is no need for encoding/decoding the contents. Whenever possible, clients should use the HEADERS output format. Custom headers (from here on referred to as HEADERS, which are headers with the prefix x-droplr-*).You’ll need to provide an input for many of the operations against the Droplr API servers, and most operations will also return an output. Signature: zwVsqm6VhEGzFhqBQM+zzvh/PJ8=ĭroplr ZmFtaWx5X2FwcDpxdWFnbWlyZUBkcm9wbHIuY29t:zwVsqm6VhEGzFhqBQM+zzvh/PJ8= Data Formats.Signature: 1cGqXOeNPRM5PPpDl1Ca/DdWesY=ĭroplr ZmFtaWx5X2FwcDpxdWFnbWlyZUBkcm9wbHIuY29t:1cGqXOeNPRM5PPpDl1Ca/DdWesY= Signature Example 2: Creating a New Note (JSON).
Signature Example 1: Reading Account Details (JSON) Do not escape the newline character when creating the signature. The pair of characters \n represents the newline character.
#Sharex droplr password#
We strongly recommend you to always store the hash of the password as your users enter their credentials, discarding the clear password as soon as possible. The hashing function for the password is SHA-1. HMAC_SHA1(ApplicationPrivateKey:UserPasswordSHA1, stringToSign)ĪpplicationPrivateKey and UserPasswordSHA1 are your application’s assigned secret key and the user’s (hashed) password.
The formula to compute the signature parameter is: Where ApplicationPublicKey and UserEmail are your application’s assigned public key and the user’s email. Starting from the end, an example of how an Authorization header should look is:Īuthorization: droplr YXBwXzBfcHVibGlja2V5OnVzZXJfMUBkcm9wbHIuY29t:3+MqSMFYYwh6grneUezBtRkunmE=Īuthorization: droplr BASE64(ApplicationPublicKey:UserEmail):signature Authentication Formula # Example Authorization headerĪuthorization: droplr YXBwXzBfcHVibGlja2V5OnVzZXJfMUBkcm9wbHIuY29t:3+MqSMFYYwh6grneUezBtRkunmE = When set, this header will take precedence over the Date header.ĭroplr API server provides many operations the ability to execute them depends on the privileges configured for the public/private API key pair assigned to an application.Īs an example, a typical third party application will be able to list drops, perform uploads, delete drops and alter user information but it won’t be able to create new accounts. If the framework you’re using doesn’t allow you to manually set the Date header, you can use the custom x-droplr-date header. Furthermore, the server keeps used signatures in a local cache – during the time window in which they are valid – in order to avoid replay attacks. If this condition fails, the requests may be discarded. This value must fall within 15 minutes (ahead or behind) the server’s clock. Protection Against Replay AttacksĪll requests must include a Date header, with the time in Unix (POSIX) format – the milliseconds elapsed since midnight January 1st, 1970, UTC. In order for you to access the API you must have a public/private key combination to access Droplr’s API server.Īuthentication works on a per-request basis, which means that every single request must be pre-signed according to its contents.ĭroplr API server uses a custom authentication method along with some other mechanisms to ensure a safe non-reversible authentication method which is also immunte to replay attacks. Public Operations Authentication & AuthorizationĪll API operations must be properly authenticated.
0 kommentar(er)
