3.2.Request Signing
Each request to the Prodege MR API must be signed. The signature scheme is built based on the following formula where StringToSign consists of all parameters included in the request, in alphabetical order, and concatenated by a colon (:).
Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + StringToSign) ) ),
For example:
For request to https://www.swagbucks.com/prodegemr/project-create with parameters: country_id=1, project_id=2025, project_type_id=1, project_name=Test Survey, loi=10, project_url=https://google.com/%transid%/, apik=yBnXUjjiXSXZ, and request_date=230194972104, the signature would be calculated as follows:
Base64( SHA256( UTF-8-Encoding-Of(SecretKey + “:” + “apik=yBnXUjjiXSXZ:country_id=1:loi=10:project_id=2025:project_name=Test Survey:project_type_id=1:project_url=https://google.com/%transid%/:request_date=1442254164458”) ) )
Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made:
Character | Replacement |
+ | – |
/ | _ |
= | EMPTY STRING |
In Java:
static String getProdegeMRSignature(String stringToSign, String secretKey)
{
//get utf8 bytes
byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8");
//define hashing algo
MessageDigest digest = MessageDigest.getInstance("SHA-256");
//generate hash
byte[] hash = digest.digest(utf8Bytes);
//base64
byte[] base64Hash = Base64.encodeBase64(hash);
//replace url-unfriendly chars
String signature = new String(base64Hash).replace("+", "-")
.replace("/", "_")
.replace("=", "");
return signature;
}
In C#:
static string GetProdegeMRSignature(string stringToSign, string secretKey)
{
//get utf8 bytes (important in c# since default is utf16)
var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign);
//define hashing algo
var algo = new SHA256Managed();
//generate hash
var hashBytes = algo.ComputeHash(bytes);
//base64
var base64String = System.Convert.ToBase64String(hashBytes);
//replace url-unfriendly chars
var result = base64String.Replace("+", "-").Replace("/", "_").Replace("=", "");
return result;
}
In PHP#:
function getProdegeMRSignature($stringToSign, $secretKey)
{
$utf8_encoded = utf8_encode($secretKey.":".$stringToSign);
$sha256_hash = hash('sha256', $utf8_encoded, true);
$base64_encoded = base64_encode($sha256_hash);
$signature = str_replace("+", "-"
, str_replace("/", "_"
, str_replace("=", "", $base64_encoded)));
return $signature;
}
In Python:
from hashlib import sha256
from base64 import b64encode
def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str:
utf_8_encoded = ':'.join((secret_key, string_to_sign)).encode(encoding='UTF-8')
hashed = sha256(utf_8_encoded).digest()
base64_encoded = b64encode(hashed).decode(encoding='UTF-8')
return base64_encoded.replace('+', '-').replace('/', '_').replace('=', '')