Using HMAC to Create a Secure Psychometric Session
A JWT token is the primary means of authenticating communication from the client's system to the Begini backend. The most secure way to generate a Begini access token is to use the HMAC authentication mechanism. The steps below describe how HMAC authentication is done; sample Python code follows for reference.
PREREQUISITE
Please make Begini aware if you plan to use the HMAC method, so we can configure the integration id authentication to HMAC.
1. Get the API key from the Admin Dashboard.
2. Use the API key as the secret to generate an HMAC code with the SHA512 digest. (NOTE: Make sure the right integration id is in use in the payload.)
3. Using the HMAC code from (2), generate the Begini session token by invoking POST https://api.begini.co/v1/sessions-management/tokens with the payload, sending the HMAC code in the X-Signature header.
4. The Token API should return a 200 successful response, and the token will be retrieved.
Sample Code
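import hmac
import hashlib
import json
import requests


def generate_hash(message: str, secret_key: str) -> str:
    """Generate the hex-encoded HMAC-SHA512 code for a message."""
    hmac_code = hmac.new(secret_key.encode('utf-8'),
                         msg=message.encode('utf-8'),
                         digestmod=hashlib.sha512).hexdigest()
    return hmac_code


def main():
    # API key from the Admin Dashboard, used as the HMAC secret (masked here)
    api_key = '##################-b904a3b569ad'
    payload = {
        "uid": "uid_123456",
        "integration_id": "123456789087654321"}
    # The signature is computed over the compact JSON string (no spaces)
    message = json.dumps(payload, separators=(',', ':'))
    hmac_code = generate_hash(message, api_key)
    headers = {'X-Signature': hmac_code}
    response = requests.post('https://api.begini.co/v1/sessions-management/tokens',
                             json=payload,
                             headers=headers,
                             timeout=10)
    # A successful call returns 200 with the session token in the response
    print(response.status_code, response.text)


if __name__ == '__main__':
    main()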
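What the signature from step 2 covers can be checked locally without calling the API. The following is an added example, not Begini's code: `verify` is a hypothetical receiver-side check that recomputes the HMAC over the bytes it is given, and the key and ids are constructed sample values.

```python
import hashlib
import hmac
import json

# Constructed sample values; not real credentials or identifiers.
SECRET = "example-api-key-not-real"
PAYLOAD = {"uid": "uid_123456", "integration_id": "123456789087654321"}


def canonical(payload: dict) -> bytes:
    """Compact JSON, the same serialization the sample code signs."""
    return json.dumps(payload, separators=(",", ":")).encode("utf-8")


def sign(body: bytes, secret: str) -> str:
    """Hex HMAC-SHA512 over the exact body bytes."""
    return hmac.new(secret.encode("utf-8"), body, hashlib.sha512).hexdigest()


def verify(body: bytes, signature: str, secret: str) -> bool:
    """Hypothetical receiver check: recompute, then compare in constant time."""
    expected = sign(body, secret).encode("ascii")
    # Comparing bytes avoids a TypeError on non-ASCII header values.
    return hmac.compare_digest(expected, signature.encode("utf-8", "replace"))


def run_cases() -> dict:
    body = canonical(PAYLOAD)
    sig = sign(body, SECRET)
    tampered = canonical({**PAYLOAD, "integration_id": "999999999999999999"})
    spaced = json.dumps(PAYLOAD).encode("utf-8")  # default separators add spaces
    return {
        "valid": verify(body, sig, SECRET),
        "tampered_integration_id": verify(tampered, sig, SECRET),
        "different_whitespace": verify(spaced, sig, SECRET),
        "wrong_key": verify(body, sig, "another-key"),
        "signature_hex_length": len(sig),
    }


if __name__ == "__main__":
    for name, result in run_cases().items():
        print(f"{name}: {result}")
```

The signature is bound to the exact bytes signed, so a changed integration id, a different key, or even different JSON whitespace all produce a mismatch.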