{"id":44,"date":"2016-01-26T00:35:53","date_gmt":"2016-01-26T00:35:53","guid":{"rendered":"http:\/\/192.168.114.129\/?page_id=44"},"modified":"2023-06-24T11:09:28","modified_gmt":"2023-06-24T11:09:28","slug":"api-key-authentication","status":"publish","type":"page","link":"https:\/\/api-users.4over.com\/?page_id=44","title":{"rendered":"API Key Authentication"},"content":{"rendered":"

All requests are authenticated using an API-Key authentication method.
\nFor all GET and DELETE requests the api key and signature should be passed through the query string. For POST, PUT and PATCH requests “Authorize” or “Authorization” is passed through the header parameters, which is consisted of a public-key and a signature. The signature is generated from user’s private key using bellow algorithm.
\nEvery HTTP_METHOD will have different signature because the HMAC hash string used to generate the signature is the HTTP method type (GET, POST and etc).<\/p>\n

GET and DELETE Requests<\/h3>\n
\nAuthentication for GET and DELETE requests\n\n?apikey={PUBLIC_KEY}&signature={SIGNATURE}<\/pre>\n
POST, PUT and PATCH Requests<\/h3>\n
\nRequest Header Parameters to authenticate POST, PUT and PATCH requests\n\nAuthorization: API {PUBLIC_KEY}:{SIGNATURE} <\/pre>\n
Where the signature is generated from a hash of user’s Private Key (see bellow for details on how to create the signatures)<\/p>\n
How to create the Signature<\/h3>\n
PHP example – HMAC hash to generate signature<\/p>\n
hash_hmac(\"sha256\", HTTP_METHOD, hash('sha256', $myPrivateKey));<\/pre>\n
Python Example – HMAC hash to generate signature<\/p>\n
\nprivate_key = hashlib.sha256({private_key}).hexdigest()\nsignature = hmac.new(private_key, HTTP_METHOD, hashlib.sha256).hexdigest()<\/pre>\n
In generating signatures do not use “HTTP_METHOD” string to generate HMAC hash. Depending on your request type, the appropriate HTTP_METHOD such as “GET”, “POST” and etc., should be used as the HMAC hash string to generate proper signature.<\/p>\n
\n{html}\nAuthorize: API {PUBLIC_KEY}:{SIGNATURE}\n\n{html}\nAuthorization: API {PUBLIC_KEY}:{SIGNATURE}<\/pre>\n","protected":false},"excerpt":{"rendered":"
All requests are authenticated using an API-Key authentication method. For all GET and DELETE requests the api key and signature should be passed through the query string. For POST, PUT and PATCH requests “Authorize” or “Authorization” is passed through the header parameters, which is consisted of a public-key and a signature. The signature is generated […]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":39,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-44","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/pages\/44","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/api-users.4over.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=44"}],"version-history":[{"count":4,"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/pages\/44\/revisions"}],"predecessor-version":[{"id":603,"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/pages\/44\/revisions\/603"}],"up":[{"embeddable":true,"href":"https:\/\/api-users.4over.com\/index.php?rest_route=\/wp\/v2\/pages\/39"}],"wp:attachment":[{"href":"https:\/\/api-users.4over.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=44"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}