Signature Generation (Deprecated)

API queries are required to be signed in order to ensure account security.

Note: This software is deprecated. Use the latest version.

We present these steps as an example of generating a signed API request. The query produced in this example is valid and illustrates how to compose and sign a qualified request.

For account-specific codes for Provider ID (pcode) and Secret (secret), see Your API Credentials. Your pcode is the 28-character alphanumeric string that precedes the period in the API Key. The Secret Code is 40 characters long. Both are case sensitive and include alphanumeric characters, dashes (-), and underscores (_). These codes are required to generate a signature for each request to and from the Ooyala servers.

Partner Code: lsNTrbQBqCQbH-VA6ALCshAHLWrV
Secret Code: hn-Rw2ZH-YwllUYkklL5Zo_7lWJVkrbShZPb5CD1
Note: These parameters point to a shared account accessible via API to any Backlot partner for preliminary testing. Content and metadata uploaded to this account is visible to all users.

The pcode, secret code, all required parameters, and all included optional parameters are used to generate a SHA-256 signature for the call. We present this example on how to generate a signature and URI-encode the parameters for the call.

  1. Begin with the 40 character API Secret Code (see Your API Credentials).
  2. Sort the parameter names alphabetically and append <name>=<value> pairs to the string. The SHA-256 signature is generated with the result, which does not include the pcode.This example uses expires=1893013926, label[0]=any/some, statistics=1d,2d,7d,28d,30d,31d,lifetime, status=upl,live, and title=a.
    hn-Rw2ZH-YwllUYkklL5Zo_7lWJVkrbShZPb5CD1expires=1893013926label[0]=any/somestatistics=1d,2d,7d,28d,30d,31d, lifetime,status=upl,live,title=a
  3. Generate an SHA-256 digest in base 64 format on this string, truncate the string to 43 characters and drop any trailing '=' signs. URI encode the signature specifically '+','=', and '/'. This example produces a signature of
  4. To create the final query URL, begin with and the Partner Code from the Developers area of your Backlot Account tab. Append the query parameters in alphabetic order, separated with & and end with signature=<signature> to include the digest computed in Step 3.

    All parameters must be URI-escaped before being added to the query. Parameters should be URI-escaped in the query, not when generating the signature.

해당 내용이 도움 되었습니까?