3.4.Link Signing
Each survey link can be signed by Prodege. The signature can then be verified within your system to ensure the signature is legitimate. Please consult with your Prodege representative to enable link signing.
The signature scheme will be built based on the following formula where StringToSign consists of all parameters included in the URL, in alphabetical order, and concatenated by a colon (:). The SecretKey will be provided to you by Prodege.
Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + StringToSign) ) ),
Example
Base URL:
https://www.mysurveys.com/survey
Parameters:
a_variable=12345, b_variable=54321, c_variable=1ab2c3d4e5, d_variable=5e4d3c2b1a
Secret Key:
abcdef123456
In this example, the signature would be calculated as follows:
Base64(SHA256(UTF-8-Encoding-Of(abcdef123456:a_variable=12345:b_variable=54321:c_variable=1ab2c3d4e5:d_variable=5e4d3c2b1a)))
End Result:
https://www.mysurveys.com/survey?a_variable=12345&b_variable=54321&c_variable=1ab2c3d4e5&d_variable=5e4d3c2b1a&signature=4E-yZ3M3AjthWeVFNeAK3LYbXbVMbZKUbpt4Iudf3qw
Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made:
Character | Replacement |
+ | – |
/ | _ |
= | EMPTY STRING |