23rd Sep 2020

API Authentication

API Key Authentication

In order to authenticate your Integration API requests, you must generate an API key in the Talon.One application settings. To Generate an API key please follow the steps below:

  1. Go into your application settings section
  2. Enter the "Developer settings"
  3. Click on "Create A new API Key"


  4. Enter a title for your API key

  5. Enter an expiry date of your API key


Once the API key has been created, you can use it in your prefered SDK.

Here is an example of our Java SDK using the API key.


If you are not using our SDKs then simply add a http header in format shown below:

Authorization: ApiKey-v1 dbc644d33aa74d582bd9479c59e16f970fe13bf34a208c39d6c7fa

ℹ️ An application can have multiple API keys

ℹ️ Once an API key has been generated and displayed we cannot display the key again, this is due to the key being hashed in our database.

(Deprecated) HMAC Authentication

Integration API requests must authenticate themselves by generating an HMAC signature for each request and adding a Content-Signature header. The secret key for generating the HMAC signature can be retrieved in the Developer Settings of the Campaign Manager, or via the getApplication operation of the Management API.

Example signature generation (PHP)

The code below demonstrates how to generate the signature for a request in PHP, assuming $json_string is the JSON encoded payload of the request, $application_id is the ID of the application sending the request, and $application_key is the secret key from your application (e.g. "fefecafedeadbeef").

$key = hex2bin($application_key);
$signature = hash_hmac('md5', $json_string, $key);

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Signature: signer='.
    $application_id .'; signature='.$signature

Example signature generation (Node.js)

Here is the same example for Node.js, assuming jsonString, applicationId, and applicationKey have been defined.

var crypto = require('crypto')
var hmac = crypto.createHmac('md5', new Buffer(applicationKey, 'hex'));
var signature = hmac.read().toString('hex')
req.setHeader('Content-Signature', 'signer=' + applicationId + '; signature=' + signature)
Still need help? Get in touch!
Last updated on 23rd Sep 2020

Was this article helpful?

Thank you! You have already voted

If you’d like a member of our support team to respond to you, please send a note to support@talon.one