MyTracker
Docs
新闻
登录
联系我们
中文 EN RU

API Authentication

To use MyTracker API you need to collect the first statistic on your project and get authentication data. All requests to API must be signed using Secret key and API User ID.

Request Signing

At the moment we support only one way for API request signing — HMAC SHA1.

There is a common consistency:

  1. Create a baseline.
    Using an ampersand (&) connect followings components:
    • Request method (GET/POST).
    • Complete URL (made up of a scheme, a hostname and GET parameters) in percent-encoding
    • Request body converted into a percent-encoded string.
    For example, the baseline for the GET request https://tracker.my.com/api/raw/v1/export/get.json is the following 
    GET&https%3A%2F%2Ftracker.my.com%2Fraw%2Fv1%2Fexport%2Fget.json&
  2. Create a signature.
    Signing is created by taking the baseline and the Secret key, by using HMAC SHA1 and base64 algorithms: 
    Base64-encode(HMAC-SHA1(baseline, secret key))
  3. Add the Authorization HTTP header for the request.
    The header should contain the following components:
    • Authentication type = AuthHMAC
    • Your API User ID
    • Your signature
    Authorization: AuthHMAC APIUserID:signature
    For example: 
    Authorization: AuthHMAC 87657:3RT1/n0b73A63xLDnb0wrvFPMC8=

Calculation example

Input parameters

  • API User ID: 77658
  • Secret key: 72d2erEtbynf6f7ZYTsYKnb7
  • Method: GET
  • Complete URL: https://tracker.my.com/api/raw/v1/export/get.json?idReport=4

In result we get

  • Baseline: 
    GET&https%3A%2F%2Ftracker.my.com%2Fapi%2Fraw%2Fv1%2Fexport%2Fget.json%3FidReport%3D4&
  • Signature: 
    PqrQR8zsgQU9Qcocjp6T6hnjF8Y=
  • HTTP header: 
    Authorization: AuthHMAC 77658:PqrQR8zsgQU9Qcocjp6T6hnjF8Y=

Source code examples

from urllib.parse import quote
from binascii import b2a_base64
from hashlib import sha1
from hmac import new

def get_signature(api_user_id, secret_key, url, method='GET', post_data=None):
    method = method.upper()
    data = post_data if post_data else ''
    string = '%s&%s&%s' % (
        method,
        quote(url, safe='~'),
        quote(data, safe='~')
    )

    signature = b2a_base64(
        new(
            bytearray(secret_key, 'utf-8'),
            bytearray(string, 'utf-8'),
            sha1
        ).digest()).decode().rstrip('\n')

    return 'AuthHMAC %s:%s' % (api_user_id, signature)
function getSignature($APIUserId, $secretKey, $url, $method='GET', $post_data=null) {
    $method = strtoupper($method);
    $data = $post_data ? $post_data : '';
    $string = sprintf('%s&%s&%s', $method, rawurlencode($url), rawurlencode($data));
    $signature = base64_encode(hash_hmac('sha1', $string, $secretKey, true));
    return sprintf('AuthHMAC %s:%s', $APIUserId, $signature);
}
Was this article helpful?
    By business type SMB Enterprise Agencies Partners E-commerce
    By use case Analyze product Optimize ads Research audience Grow and predict revenue Ad fraud protection
    By platform For websites For apps Future LTV calculator iOS 14.5+ solutions
    About MyTracker Why MyTracker
    Resources 文档 博客 Ebooks Infographic
    隐私政策 & 法律文件 © 2024 MyTracker
    Sorry, the translation has not been completed yet