Scripting Example - Generate HMAC HASH using Private Token

This example illustrates using a C# plugin with a REST API for authentication. This specific example requires generating an HMAC hash using a private token, a unique per-request reference, and an epoch timestamp.

For communication, a 'private token' (and an organization reference) is issued. Keep this token secret.

Each request will contain 3 (extra) headers:

  • Authentication-Reference: (String) - A reference, must be unique per request. The format is unspecified.
  • Authentication-epoch: (Number) - A Unix epoch timestamp in number of seconds from 1/1/1970.
  • Authentication-Signature: (String) - The signed combination of Reference and epoch using the private token.

To validate a request the following steps are needed:

  • Authentication-epoch should not be more than 5 minutes ago.
  • Authentication-Reference should not be reused. This reference is a unique string, for example a GUID.
  • A string is created with the concatenation of Authentication-Reference and Authentication-epoch.
  • This string is hashed according to the SHA512 digest.
  • The digest is HMAC encoded with a 'private token' as key (known by both sender and receiver).
  • The hex value of this hash (lower case, no spaces or dashes) should match the Authentication-Signature.
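
The validation steps above, seen from the receiving side, as an added example that is not part of the original page or of any product's code. It computes the signature the same way the script on this page does (HMAC-SHA512 over the concatenated string); the class name, the in-memory reference cache and the rejection of far-future timestamps are assumptions.

```csharp
using System;
using System.Collections.Concurrent;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

public sealed class HmacRequestValidator // hypothetical name
{
    private const long WindowSeconds = 300; // 5 minutes, per the validation steps
    private readonly byte[] _key;
    // reference -> epoch. In-memory store is an assumption; several servers need shared storage.
    private readonly ConcurrentDictionary<string, long> _seen =
        new ConcurrentDictionary<string, long>();

    public HmacRequestValidator(string privateToken)
    {
        _key = Encoding.UTF8.GetBytes(privateToken);
    }

    // Arguments are the raw header values; 'now' is passed in so the check can be tested.
    public bool IsValid(string reference, string epochHeader, string signature, DateTimeOffset now)
    {
        if (string.IsNullOrEmpty(reference) || string.IsNullOrEmpty(signature)) return false;
        // Digits only: no sign, whitespace or separators.
        if (!long.TryParse(epochHeader, NumberStyles.None, CultureInfo.InvariantCulture, out long epoch))
            return false;

        // Freshness: older than 5 minutes is rejected. Also rejecting timestamps more than
        // 5 minutes ahead is an added assumption, so no epoch can outlive its cache entry.
        long nowSec = now.ToUnixTimeSeconds();
        if (epoch < nowSec - WindowSeconds || epoch > nowSec + WindowSeconds) return false;

        // Recompute the signature as the sending script does: lower-case hex of the HMAC.
        string expected;
        using (var hmac = new HMACSHA512(_key))
        {
            byte[] mac = hmac.ComputeHash(Encoding.UTF8.GetBytes(reference + epochHeader));
            expected = BitConverter.ToString(mac).Replace("-", "").ToLowerInvariant();
        }
        // Constant-time compare, so response timing does not reveal how many characters matched.
        if (!CryptographicOperations.FixedTimeEquals(
                Encoding.ASCII.GetBytes(expected), Encoding.ASCII.GetBytes(signature)))
            return false;

        // Replay check runs only after the signature verified, so unsigned traffic cannot
        // fill the cache. Entries older than the window are pruned first.
        foreach (var entry in _seen)
            if (nowSec - entry.Value > WindowSeconds) _seen.TryRemove(entry.Key, out _);
        return _seen.TryAdd(reference, epoch); // false when the reference was already used
    }
}
```

CryptographicOperations.FixedTimeEquals requires .NET Core 2.1 or later.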

Script Example

using System;
using System.Text;
using System.Security.Cryptography;

// Current Unix time in whole seconds (UTC).
var epoch = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
// The private token is supplied as an endpoint parameter header and removed again below.
string privateKey = Request.Headers["Authentication-Private-Key"];
// String to sign: the per-request reference followed by the epoch.
string reference = Request.Headers["Authentication-Reference"] + epoch;
// HMAC-SHA512 keyed with the private token.
HMAC hMAC = new HMACSHA512(Encoding.UTF8.GetBytes(privateKey));
byte[] tokens = hMAC.ComputeHash(Encoding.UTF8.GetBytes(reference));
// Lower-case hex without dashes.
string authToken = BitConverter.ToString(tokens).Replace("-", "").ToLower();
Request.Headers["Authentication-Signature"] = authToken;
Request.Headers["Authentication-Epoch"] = epoch.ToString();
// Strip the private token so it is never sent with the request.
Request.Headers.Remove("Authentication-Private-Key");

Endpoint Parameters Required

  • Authentication-Private-Key: The Private Key given
  • Authentication-Reference: Random String, different per request, can be a UUID