How to sign your requests
To prove that you are the owner of the account making the request and prevent forgeries, you must include a signature parameter in your requests.
You calculate the signature with your API secret key. Calaméo uses the API key in the request to look up your API secret key, then calculates a signature with it. If the generated signature matches the signature in the request, the request is accepted as authentic and the action is performed. Otherwise, the server will return an error message.
The steps to sign a request are:
- Sort the request parameters alphabetically
- Concatenate your API secret key and the request's parameter name-value pairs
- Calculate the MD5 hash of this concatenated string
- Include the signature parameter in the request with this MD5 hash as value
Example
Here are the public and secret keys we will use:
| Key | Value |
| --- | --- |
| Public key | 84c92f2c5686d350d3d2d15c2073ec23 |
| Secret key | 1jHj0HORiWhpmw9QqOXsLoZjweVm7BWoT5WPWC2AbFsuWl95 |
In this example, we are going to list our account publications. The following parameters will be used:
| Parameter | Value |
| --- | --- |
| apikey | 84c92f2c5686d350d3d2d15c2073ec23 |
| action | API.fetchAccountBooks |
| output | JSON |
| order | Name |
| way | UP |
To calculate the signature of this request, we concatenate the API secret key with the parameter name-value pairs, sorted alphabetically by parameter name:
1jHj0HORiWhpmw9QqOXsLoZjweVm7BWoT5WPWC2AbFsuWl95actionAPI.fetchAccountBooksapikey84c92f2c5686d350d3d2d15c2073ec23orderNameoutputJSONwayUP
We get the MD5 hash of this string: add64a889f0900d78ccd59fdde92c991
The complete request looks like:
http://api.calameo.com/1.0?apikey=84c92f2c5686d350d3d2d15c2073ec23&action=API.fetchAccountBooks&output=JSON&order=Name&way=UP&signature=add64a889f0900d78ccd59fdde92c991
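The signing steps above as a runnable sketch, added here as an example and not Calaméo's own code. The function names are hypothetical, and two details are assumptions the page does not state: the string is hashed as UTF-8, and values are signed before URL-encoding. `verify` mirrors the server-side check described above and compares the two signatures in constant time.

```python
import hashlib
import hmac
from urllib.parse import urlencode

# Keys and parameters copied from the example on this page.
API_SECRET = "1jHj0HORiWhpmw9QqOXsLoZjweVm7BWoT5WPWC2AbFsuWl95"
EXAMPLE_PARAMS = {
    "apikey": "84c92f2c5686d350d3d2d15c2073ec23",
    "action": "API.fetchAccountBooks",
    "output": "JSON",
    "order": "Name",
    "way": "UP",
}


def base_string(secret, params):
    """Secret key followed by name+value of each parameter, sorted by name."""
    # The signature parameter itself is never part of the signed string.
    pairs = sorted((k, v) for k, v in params.items() if k != "signature")
    return secret + "".join(name + value for name, value in pairs)


def sign(secret, params):
    """Lowercase hex MD5 of the base string (UTF-8 encoding is an assumption)."""
    return hashlib.md5(base_string(secret, params).encode("utf-8")).hexdigest()


def signed_url(endpoint, secret, params):
    """Build the request URL with the signature parameter appended."""
    query = dict(params, signature=sign(secret, params))
    return endpoint + "?" + urlencode(query)


def verify(secret, params):
    """Receiver-side check (assumed logic): recompute, compare in constant time."""
    received = params.get("signature", "")
    expected = sign(secret, params)
    return hmac.compare_digest(expected.encode("utf-8"), received.encode("utf-8"))


if __name__ == "__main__":
    print(base_string(API_SECRET, EXAMPLE_PARAMS))
    print(signed_url("http://api.calameo.com/1.0", API_SECRET, EXAMPLE_PARAMS))
```

Changing any parameter after signing, or omitting the signature, makes `verify` return `False`.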
