API Authentication

To use myTracker API you need to collect the first statistic on your project and get authentication data. All requests to API must be signed using Secret key and API User ID.

Request Signing

At the moment we support only one way for API request signing — HMAC SHA1.

There is a common consistency:

  1. Create a baseline.
    Using an ampersand (&) connect followings components:
    • Request method (GET/POST).
    • Complete URL (made up of a scheme, a hostname and GET parameters) in percent-encoding
    • Request body converted into a percent-encoded string.
    For example, the baseline for the GET request https://tracker.my.com/api/raw/v1/export/get.json is the following
    GET&https%3A%2F%2Ftracker.my.com%2Fraw%2Fv1%2Fexport%2Fget.json&
  2. Create a signature.
    Signing is created by taking the baseline and the Secret key, by using HMAC SHA1 and base64 algorithms:
    Base64-encode(HMAC-SHA1(базовая строка, секретный ключ))
  3. Add the Authorization HTTP header for the request.
    The header should contain the following components:
    • Authentication type = AuthHMAC
    • Your API User ID
    • Your signature
    Authorization: AuthHMAC APIUserID:signature
    For example:
    Authorization: AuthHMAC 87657:3RT1/n0b73A63xLDnb0wrvFPMC8=

Calculation example

Input parameteres

  • API User ID: 77658
  • Secret key: 72d2erEtbynf6f7ZYTsYKnb7
  • Method: GET
  • Complete URL: https://tracker.my.com/api/raw/v1/export/get.json?idReport=4

In result we get

  • Baseline:
    GET&https%3A%2F%2Ftracker.my.com%2Fapi%2Fraw%2Fv1%2Fexport%2Fget.json%3FidReport%3D4&
  • Signature:
    PqrQR8zsgQU9Qcocjp6T6hnjF8Y=
  • HTTP header:
    Authorization: AuthHMAC 77658:PqrQR8zsgQU9Qcocjp6T6hnjF8Y=

Source code examples

def get_signature(api_user_id, secret_key, url, method='GET', post_data=None):
    method = method.upper()
    data = post_data if post_data else ''
    string = '%s&%s&%s' % (
        method,
        quote(url, safe='~'),
        quote(data, safe='~')
    )

    signature = b2a_base64(
        new(
            bytearray(secret_key, 'utf-8'),
            bytearray(string, 'utf-8'),
            sha1
        ).digest()).decode().rstrip('\n')

    return 'AuthHMAC %s:%s' % (api_user_id, signature)
function getSignature($APIUserId, $secretKey, $url, $method='GET', $post_data=null) {
    $method = strtoupper($method);
    $data = $post_data ? $post_data : '';
    $string = sprintf('%s&%s&%s', $method, rawurlencode($url), rawurlencode($data));
    $signature = base64_encode(hash_hmac('sha1', $string, $secretKey, true));
    return sprintf('AuthHMAC %s:%s', $APIUserId, $signature);
}