Integration API Authentication

Integration API requests must authenticate themselves by generating an HMAC signature for each request and adding a Content-Signature header. The secret key for generating the HMAC signature can be retrieved in the Developer Settings of the Campaign Manager, or via the getApplication operation of the Management API.

Example signature generation (PHP)

The code below demonstrates how to generate the signature for a request in PHP, assuming $json_string is the JSON encoded payload of the request, $application_id is the ID of the application sending the request, and $application_key is the secret key from your application (e.g. "fefecafedeadbeef").

$key = hex2bin($application_key);
$signature = hash_hmac('md5', $json_string, $key);

curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    'Content-Type: application/json',
    'Content-Signature: signer='.
    $application_id .'; signature='.$signature
));

Example signature generation (Node.js)

Here is the same example for Node.js, assuming jsonString, applicationId, and applicationKey have been defined.

var crypto = require('crypto')
var hmac = crypto.createHmac('md5', new Buffer(applicationKey, 'hex'));
hmac.write(jsonString);
hmac.end()
var signature = hmac.read().toString('hex')
req.setHeader('Content-Signature', 'signer=' + applicationId + '; signature=' + signature)
req.write(buff)