To authenticate with the Rose API, you must generate a signature using your API key secret. This signature is a secure HMAC hash that ensures your identity and the integrity of the authentication request.
Step 1. Generate the message
To generate the signature you need:
- Your organization ID
- The current date, in UTC, formatted as
YYYY-MM-DD - Your API key ID
Take these three elements, and join them with a colon to get a message string. The format is shown below.
{organization_id}:{date}:{api_key_id}For example, if you work for company_name, the current UTC date is 2024-12-31, and your API key ID is abcdef1232456, the message would be
company_name:2024-12-31:abcdef123456
Step 2. Hash the message
The signature is the hash of the message you created in step 1, with your API key secret as the key. Hash the message using the SHA-256 algorithm to create an HMAC (Hash-based Message Authentication Code). The resulting HMAC is then encoded as a hexadecimal string, producing a 64-character output.
The final result of the message above hashed with an API key secret of 123abc456def will be this:
8ff29f38b2b09db23819e8854ca8f5652bbdde773d1f940386675d6a7b01981b
This ensures that even if someone intercepts your request, they can’t impersonate you without knowing your secret. And that their token will be invalid at the end of the day.
Python example
Below is an example Python function which takes in your organization ID, API key ID, and API key secret, and returns the signature.
import datetime
import hashlib
import hmac
def generate_signature(organization_id, api_key_id, api_key_secret):
utc_date = datetime.datetime.now(datetime.UTC).strftime("%Y-%m-%d")
message = f"{organization_id}:{utc_date}:{api_key_id}"
return hmac.new(api_key_secret.encode(), message.encode(), hashlib.sha256).hexdigest()
This logic can be implemented in any language that supports HMAC-SHA256 and hexadecimal encoding.
Comments
0 comments
Please sign in to leave a comment.