Log in

API Authentication

To use MyTracker API you need to collect the first statistic on your project and get authentication data. All requests to API must be signed using Secret key and API User ID.

Request Signing

At the moment we support only one way for API request signing — HMAC SHA1.

There is a common consistency:

  1. Create a baseline.
    Using an ampersand (&) connect followings components:
    • Request method (GET/POST).
    • Complete URL (made up of a scheme, a hostname and GET parameters) in percent-encoding
    • Request body converted into a percent-encoded string.
    For example, the baseline for the GET request https://tracker.my.com/api/raw/v1/export/get.json is the following
  2. Create a signature.
    Signing is created by taking the baseline and the Secret key, by using HMAC SHA1 and base64 algorithms:
    Base64-encode(HMAC-SHA1(baseline, secret key))
  3. Add the Authorization HTTP header for the request.
    The header should contain the following components:
    • Authentication type = AuthHMAC
    • Your API User ID
    • Your signature
    Authorization: AuthHMAC APIUserID:signature
    For example:
    Authorization: AuthHMAC 87657:3RT1/n0b73A63xLDnb0wrvFPMC8=

Calculation example

Input parameters

  • API User ID: 77658
  • Secret key: 72d2erEtbynf6f7ZYTsYKnb7
  • Method: GET
  • Complete URL: https://tracker.my.com/api/raw/v1/export/get.json?idReport=4

In result we get

  • Baseline:
  • Signature:
  • HTTP header:
    Authorization: AuthHMAC 77658:PqrQR8zsgQU9Qcocjp6T6hnjF8Y=

Source code examples

from urllib.parse import quote
from binascii import b2a_base64
from hashlib import sha1
from hmac import new

def get_signature(api_user_id, secret_key, url, method='GET', post_data=None):
    method = method.upper()
    data = post_data if post_data else ''
    string = '%s&%s&%s' % (
        quote(url, safe='~'),
        quote(data, safe='~')

    signature = b2a_base64(
            bytearray(secret_key, 'utf-8'),
            bytearray(string, 'utf-8'),

    return 'AuthHMAC %s:%s' % (api_user_id, signature)
function getSignature($APIUserId, $secretKey, $url, $method='GET', $post_data=null) {
    $method = strtoupper($method);
    $data = $post_data ? $post_data : '';
    $string = sprintf('%s&%s&%s', $method, rawurlencode($url), rawurlencode($data));
    $signature = base64_encode(hash_hmac('sha1', $string, $secretKey, true));
    return sprintf('AuthHMAC %s:%s', $APIUserId, $signature);
Was this article helpful?