Request Signing.

Only messages signed using HMAC-SHA1 signature algorithm [RFC2104] will be accepted by the Streamtime API. All GET and POST parameters (in that order) must be encoded into a string using Parameter Encoding. This will form the data that will be hashed. The hash key to use is the Secure Secret.

Request Examples:

PHP Post Request to Streamtime API.

<?php
// Set your API key and secret here. Change the subdomain to the one chosen in Addon Setup.
$api_key        = 'YOUR_API_KEY';
$api_secret     = 'YOUR_API_SECRET';
$api_url        = 'https://you.mystreamtime.com/api/streamtime/1.1/endpoint/';

// Do the same for GET requests, just append the result of http_build_query to the end of your $api_url.
$post_data = array(
    'key' => $api_key,
    'xml' => '<xml />'
);
$post_body = http_build_query( $post_data );

// Generate the request signature string.
$api_signature = base64_encode( hash_hmac( "sha1", $post_body, $api_secret, true ) );

$headers = array(
    'Accept: application/json',                // Or application/xml
    'X-Request-Signature: '.$api_signature
);

$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $api_url );
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
curl_setopt( $ch, CURLOPT_POST, 1 );
curl_setopt( $ch, CURLOPT_POSTFIELDS, $post_data );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );

$data = curl_exec($ch);
curl_close($ch);

if( $data ){
   
    // Decode JSON response.
    $result = json_decode( $data );
   
    // Or use an XML parser if you changed the 'Accepts' header to xml.
    // $result = simplexml_load_string( $data );    

} else {
    echo curl_error( $ch );
}
?>

PHP GET Request to Streamtime API.

<?php
// Set your API key and secret here. Change the subdomain to the one chosen in Addon Setup.
$api_key        = 'YOUR_API_KEY';
$api_secret     = 'YOUR_API_SECRET';
$api_url        = 'https://you.mystreamtime.com/api/streamtime/1.1/endpoint/';

$post_data = array(
   'key' => $api_key,
   'xml' => ''
);
$post_body = http_build_query( $post_data );

// Generate the request signature string.
$api_signature = base64_encode( hash_hmac( "sha1", $post_body, $api_secret, true ) );

$headers = array(
   'Accept: application/json',                // Or application/xml
   'X-Request-Signature: '.$api_signature
);


$ch = curl_init();
curl_setopt( $ch, CURLOPT_URL, $api_url.'?'.$post_body );
curl_setopt( $ch, CURLOPT_HTTPHEADER, $headers );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, 1 );

$data = curl_exec($ch);

if( $data ){

   // Decode JSON response.
   $result = json_decode( $data );
   echo $data;
   // Or use an XML parser if you changed the 'Accepts' header to xml.
   // $result = simplexml_load_string( $data );    

} else {
   echo curl_error( $ch );
}

curl_close($ch);

?>

Ruby Post Request to Streamtime API.

require 'rubygems'
require 'base64'
require 'cgi'
require 'openssl'
require 'addressable/uri'
require 'net/https'

api_key = "YOUR_API_KEY"
api_secret = "YOUR_API_SECRET"
api_uri = Addressable::URI.parse("https://you.mystreamtime.com/api/streamtime/1.1/test/")

# Create the post data hash.
post_data = {
"key" => api_key,
"json" => "{}"
}

# Convert the post body to get parameters. This forms the basis of the API Signature.
post_body = Addressable::URI.new
post_body.query_values = post_data

# Generate the API request signature.
api_signature = Base64.encode64(OpenSSL::HMAC.digest('sha1', post_body.query, api_secret ))

# Set up the HTTPS request.
http = Net::HTTP.new(api_uri.host, 443)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

# Define the post request details.
request = Net::HTTP::Post.new(api_uri.request_uri)
request["Accept"] = "application/json"
request["X-Request-Signature"] = api_signature.chomp!
request.set_form_data(post_data)

# Do the request.
response = http.request(request)

# Check for a successful response.
if response.code == 200

# Decode the json response. If we were running an XML request,
# the response would need to be parsed as XML
result = ActiveSupport::JSON.decode( response.body )

else
print response.code + "\n"
print response.body
end

post_body.content


Python Get Request to Streamtime API.

from hashlib import sha1 
import hmac
import json
import urllib
import base64

#Requests Library http://docs.python-requests.org/en/latest/
import requests

api_key = 'YOUR_API_KEY'
api_secret = 'YOUR_API_SECRET'
api_url = 'https://you.mystreamtime.com/api/streamtime/1.1/ENDPOINT/'

#Encode as tuple pair list to prevent urllib.urlencode from
#sorting keys alphabetically
#Tuples after the key are sent as JSON
data = [('key',api_key),('FIELD1','FIELD1VALUE'),('FIELD2','FIELD2VALUEA FIELD2VALUEB')]
http_query = urllib.urlencode(data)

#Hash the query and secret using SHA1-HMAC
hashed = hmac.new(api_secret, http_query, sha1)

#And generate an API sigunature to send with the request
api_signature = hashed.digest().encode('base64').rstrip('\n')

headers = {'Accept': 'application/json',
        'X-Request-Signature': api_signature}

#Use the Requests library's get() method to
post_body = requests.get(api_url, params=http_query, headers=headers)
 
#Check the status code and print the returned JSON
if post_body.status_code == '200':
    print post_body.json()
#Otherwise, print us an error we can evaluate
else:
    print post_body.content

Parameter encoding. 

All parameter names and values are escaped using the [RFC3986] percent-encoding (%xx) mechanism. Characters not in the unreserved character set ([RFC3986] section 2.3) MUST be encoded. Characters in the unreserved character set MUST NOT be encoded. Hexadecimal characters in encodings MUST be upper case. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629].

Did this answer your question?