Example in PHP
From version 4.0 the recommended authentication method is JWT and not the URL signing described below
Example of how to sign a request in PHP
index.php
<?php
include "MeridixSign.class.php";
// Test parameters
$url = "http://site.meridix.se/api/customer/listcustomers";
$token = "35f94ba7c9bd4b7777b66baa8b566c28";
$secret = "1a9e39f72f324a8";
// Construct a new webservice caller object with the parameters above.
$mws = new MeridixSign($url, $token, $secret);
/// Redirect to a signed URL
header("Location: " . $mws->getSignedUrl());
?>
MeridixSign.class.php
<?php
class MeridixSign {
private $url;
private $token;
private $secret;
public function __construct($url, $token, $secret) {
// Set the correct timezone to ensure that gmtime gives the right result.
date_default_timezone_set("Europe/Stockholm");
$this->url = $url;
$this->token = $token;
$this->secret = $secret;
}
public function getSignedUrl() {
// Create a random hex-value to use as nonce
$nonce = substr(md5(rand()), 0, 8);
// Create an array with the parameters to be used
$params = array(
"auth_nonce=" . $nonce,
"auth_timestamp=" . gmdate("YmdHis"),
"auth_token=" . $this->token
);
// Sort query params in alphabetical order
sort($params);
// Reassemble the sorted parameters into a query string by putting and
// ampersand character between each parameter.
$qs = implode("&", $params);
// Concatenate method, url (without query string), query string and
// the secret with ampersands inbetween
//
// IMPORTANT - The GET&-prefix must be change to POST& etc. when using different HTTP Verbs than GET.
//
$encodedurl = "GET&" . urlencode($this->url) . "&" .urlencode($qs) .
"&" . $this->secret;
// Create an md5 signature of the complete encoded url
$sig = md5($encodedurl);
// Return the signed url
return $this->url . "?" . $qs . "&auth_signature=" . $sig;
}
}
?>
Thanks to Mikael Jansson at iCentrex for the original code (this version is modified by Meridix)
Webpage: www.meridix.se
Email: support@meridix.se
Tel: +46 (0) 21 38 30 32