Authentication

In order to retrieve data from the deemly API you will need to send us some encrypted headers.

You do this by passing the App ID and Secret Key you find under Settings in he deemly portal. We have a Security Manager Class to take of this

C#


/// 
/// Token-based authentication for REST web services.    
/// 
public class SecurityManager
{
private const string Algorithm;
private const string Salt;
private static int _expirationMinutes = 10;

//Our Salt and Algorithm
public SecurityManager(string salt="YOUR_APP_SALT", string algorithm="HmacSHA256")
{
    Salt=salt;
    Algorithm=algorithm;
}
public string ComputeSecureString()
{
    using (RandomNumberGenerator rng = new RNGCryptoServiceProvider())
    {
        byte[] tokenData = new byte[32];
        rng.GetBytes(tokenData);
        return Convert.ToBase64String(tokenData);
    }
}        
/// 
/// Generates a token to be used in API calls.
/// The token is generated by hashing a message with a key, using HMAC SHA256.
/// The message is: appId:userAgent:timeStamp
/// The key is: secretKey:salt
/// The resulting token is then concatenated with appId:timeStamp and the result base64 encoded.
/// 
/// API calls may then be validated by:
/// 1. Base64 decode the string, obtaining the token, appId, and timeStamp.
/// 2. Ensure the timestamp is not expired.
/// 2. Lookup the user's secretKey from the db (cached).
/// 3. Hash the appId:userAgent:timeStamp with the key of secretKey:salt to compute a token.
/// 4. Compare the computed token with the one supplied and ensure they match.
/// 
public string GenerateToken(string appId, string secretKey, string userAgent, long ticks)
{
    string hash = string.Join(":", appId, userAgent, ticks.ToString());
    string hashLeft = "";
    string hashRight = "";
    using (var hmac = HMAC.Create(Algorithm))
    {
        hmac.Key = Encoding.UTF8.GetBytes(GetHashedSecret(secretKey));
        hmac.ComputeHash(Encoding.UTF8.GetBytes(hash));
        hashLeft = Convert.ToBase64String(hmac.Hash);
        hashRight = string.Join(":", appId, ticks.ToString());
    }
    return Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Join(":", hashLeft, hashRight)));
}
/// 
/// Returns a hashed appId + salt, to be used in generating a token.
/// 
/// string - user's secret key
/// string - hashed secretKey
public string GetHashedSecret(string key)
{
    string secretKey = string.Join(":", key, Salt);
    using (HMAC hmac = HMAC.Create(Algorithm))
    {
        // Hash the key.
        hmac.Key = Encoding.UTF8.GetBytes(Salt);
        hmac.ComputeHash(Encoding.UTF8.GetBytes(secretKey));
        return Convert.ToBase64String(hmac.Hash);
    }
}

PHP


/**
* Token-based authentication for REST web services.
*/
class SecurityManager
{
   const expirationMinutes = 10;
   var $expectedApplicationId;
   var $secretKey;
   var $salt;
   /**
    * SecurityManager constructor.
    */
   public function __construct($expectedApplicationId, $salt, $secretKey) {
       $this->expectedApplicationId = $expectedApplicationId;
       $this->salt = $salt;
       $this->secretKey = $secretKey;
   }
   /**
    * Generate 32 cryptographically secure random bytes and return as base64 string.
    *
    * return string
    */
   public function ComputeSecureString() {
       $tokenData = random_bytes(32);
       return base64_encode($tokenData);
   }
   /**
    *
    * Generates a token to be used in API calls.
    * The token is generated by hashing a message with a key, using HMAC SHA256.
    * The message is: appId:userAgent:timeStamp
    * The key is: secretKey:salt
    * The resulting token is then concatenated with appId:timeStamp and the result base64 encoded.
    *
    * API calls may then be validated by:
    *  1. Base64 decode the string, obtaining the token, appId, and timeStamp.
    *  2. Ensure the timestamp is not expired.
    *  2. Lookup the user's secretKey from the db (cached).
    *  3. Hash the appId:userAgent:timeStamp with the key of secretKey:salt to compute a token.
    *  4. Compare the computed token with the one supplied and ensure they match.
    *
    * param $appId
    * param $secretKey
    * param $userAgent
    * param $ticks
    *
    * return string
    */
   public function GenerateToken($appId, $secretKey, $userAgent, $ticks) {
       $hash      = "$appId:$userAgent:$ticks";
       $hashedKey = $this->GetHashedSecret($secretKey);
       $hashLeft  = base64_encode(hash_hmac("sha256", $hash, $hashedKey, true));
       $hashRight = "$appId:$ticks";
       $result    = base64_encode("$hashLeft:$hashRight");
       return $result;
   }
   /**
    * Returns a hashed appId + salt, to be used in generating a token.
    *
    * param $key string - user's secret key
    *
    * return string
    */
   public function GetHashedSecret($key) {
       $secretKey = "$key:" . $this->salt;
       return base64_encode(hash_hmac("sha256", $secretKey, $this->salt, true));

}

Python


import os
import base64
import hmac
import hashlib
import time
import requests


class SecurityManager:
    EXPIRATION_MINUTES = 10
    
    # SecurityManager constructor.
    def __init__(self, expectedApplicationId, salt, secretKey):
        self.expectedApplicationId = expectedApplicationId
        self.salt = salt
        self.secretKey = secretKey
    
    # Generate 32 cryptographically secure random bytes and
    # return as base64 string.
    # @return string
    def ComputeSecureString():
        tokenData = os.urandom(32)
        return base64.b64encode(tokenData)
    
    # Generates a token to be used in API calls.
    # The token is generated by hashing a message with a key,
    # using HMAC SHA256.:
    #
    # The message is: appId:userAgent:timeStamp
    # The key is: secretKey:salt
    # The resulting token is then concatenated with appId:timeStamp
    # and the result base64 encoded.
    #
    # API calls may then be validated by:
    #  1. Base64 decode the string, obtaining the token, appId, and timeStamp.
    #  2. Ensure the timestamp is not expired.
    #  2. Lookup the user"s secretKey from the db (cached).
    #  3. Hash the appId:userAgent:timeStamp with the key
    #     of secretKey:salt to compute a token.
    #  4. Compare the computed token with the one supplied
    # and ensure they match.
    #
    # @param appId
    # @param secretKey
    # @param userAgent
    # @param ticks
    # @return string
    def GenerateToken(self, appId, secretKey, userAgent, ticks):
        hashStr = "%s:%s:%s" % (appId, userAgent, ticks)
        
        hashedKey = self.GetHashedSecret(secretKey)
        
        hashLeft = base64.b64encode(
            hmac.new(hashedKey, hashStr, hashlib.sha256).digest()
        )
        
        hashRight = "{appId}:{ticks}".format(appId=appId, ticks=ticks)
        
        result = base64.b64encode(
            "{hashLeft}:{hashRight}".format(
                hashLeft=hashLeft, hashRight=hashRight
            )
        )
        
        return result
    
    # Returns a hashed appId + salt, to be used in generating a token.
    #     @param key string - user"s secret key
    #     @return string
    def GetHashedSecret(self, key):
        secretKey = "{key}:{salt}".format(key=key, salt=self.salt)
        
        res = base64.b64encode(
            hmac.new(
                self.salt, secretKey, hashlib.sha256
            ).digest()
        )
        
        return res

Ruby onRails


require 'securerandom'
require 'openssl'
require 'base64'
require 'date'
require 'net/http'
# 
# Token-based authentication for REST web services.
# 
class SecurityManager
  @salt = ""
  @expiration_minutes = 10

  # SecurityManager initialize
  
  def initialize(salt = "rz8LuOtFBXphj9WQfvFh")
    @salt = salt
  end
  
  #
  # Generate 32 cryptographically secure random bytes and return as base64 string.
  # return string
  #

  def ComputeSecureString
    return Base64.encode64(SecureRandom.base64(32))
  end

  #
  #
  # Generates a token to be used in API calls.
  # The token is generated by hashing a message with a key, using HMAC SHA256.
  # The message is: appId:userAgent:timeStamp
  # The key is: secretKey:salt
  # The resulting token is then concatenated with appId:timeStamp and the result base64 encoded.
  #
  # API calls may then be validated by:
  #  1. Base64 decode the string, obtaining the token, appId, and timeStamp.
  #  2. Ensure the timestamp is not expired.
  #  2. Lookup the user's secretKey from the db (cached).
  #  3. Hash the appId:userAgent:timeStamp with the key of secretKey:salt to compute a token.
  #  4. Compare the computed token with the one supplied and ensure they match.
  #
  # param appId
  # param secretKey
  # param userAgent
  # param ticks
  #
  # return string
  #


  def generateToken(app_key, secret_key, user_agent, ticks)
    hash = [app_key, user_agent, ticks.to_s].reject(&:empty?).join(':')
    hashed_key = getHashedSecret(secret_key)
      
    hmac_digest = OpenSSL::Digest.new("sha256")
    hmac = OpenSSL::HMAC.digest(hmac_digest, hashed_key.gsub(/\n/,''), hash)
    hash_left = Base64.encode64(hmac)
    hash_right = [app_key, ticks.to_s].reject(&:empty?).join(':')
    hash = [hash_left.gsub(/\n/,''), hash_right].join(':')
 
    return Base64.encode64(hash)
  end
  
  # 
  # Returns a hashed appId + salt, to be used in generating a token. 
  # param key string - user's secret key
  # return string
  #

  def getHashedSecret(key)
	  arr = []
    secret_key = [key, @salt].join(':')
    arr << secret_key
    # Create new SHA256 digest
    hmac_digest = OpenSSL::Digest.new("sha256")

    # Create new HMAC key with digest, salt, and secret_key
    hmac = OpenSSL::HMAC.digest(hmac_digest, @salt, secret_key)

    # return base64 encoded string
    return Base64.encode64(hmac)
  end  
end

Include the script and use the secureityManager Class to encrypt your headers.

JavaScript


deemly.init({
   appId: 'YOUR APP ID',
   secretKey: YOUR APP SECRET KEY
});

Let's talk

Request free demo