Signing Requests

Each request to the geomark group API must be signed using a secret key that is specific to each geomark group. The secret key will be provided by the geomark application administrator when the geomark group is created. Each application is responsible for ensuring that the secret key is kept private and secure.

The signature is created by signing the request data using the HmacSHA1 message authentication code (MAC) algorithm and then encoding the result using base-64 encoding.

The request data is a string that is created from the following parts joined using the ":" character.

Path
The path to the request as shown in the URI template with any parameters replaced by their values (e.g. /geomarkGroups/gm-abcdefghijklmnopqrstuvwxyz0000bc/geomarks/add).
Time
The time the request was sent, as the number of milliseconds since January 1, 1970, 00:00:00 GMT. This is sent as the 'time' parameter in the request.
Parameters
The request parameters (excluding time and signature) encoded as an HTTP query string with the parameter names specified in alphabetical order. If a parameter is repeated then the values must be in the same order as the request. For example geomarkId=gm-abcdefghijklmnopqrstuvwxyz0000bc&geomarkId=gm-abcdefghijklmnopqrstuv0bcislands.

The time and signature are sent as parameters as part of the request and are validated by the server.

The following Java example shows how to create the signature. It is however recommended to use the Geomark Java API as it implements signing of requests.

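import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// path, parameters and secretKey are supplied by the caller
long time = System.currentTimeMillis();
String data = path + ":" + time + ":" + parameters;
SecretKey key = new SecretKeySpec(secretKey.getBytes(StandardCharsets.UTF_8), "HmacSHA1");
Mac mac = Mac.getInstance("HmacSHA1");
mac.init(key);
byte[] dataBytes = data.getBytes(StandardCharsets.UTF_8);
byte[] digestBytes = mac.doFinal(dataBytes);
String signature = Base64.getEncoder().encodeToString(digestBytes);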
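
The Java snippet above takes the parameters string as given. The following Python sketch is an added example, not part of the Geomark API or its Java client: it builds that string from the request parameters as described under Parameters, signs it, and shows a constant-time comparison for checking a signature. The function names, the sample secret and the use of standard form encoding for parameter values are assumptions.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import urlencode


def canonical_parameters(params):
    """Build the Parameters part from (name, value) pairs in request order."""
    signed = [(k, v) for k, v in params if k not in ("time", "signature")]
    # list.sort() is stable: sorting on the name alone keeps the values of
    # a repeated parameter in the order they appear in the request.
    signed.sort(key=lambda kv: kv[0])
    # Assumption: standard form encoding; the page does not spell out the
    # percent-encoding rules for parameter values.
    return urlencode(signed)


def sign_request(secret_key, path, time_ms, params):
    """Return the base-64 HmacSHA1 of "path:time:parameters"."""
    data = f"{path}:{time_ms}:{canonical_parameters(params)}"
    mac = hmac.new(secret_key.encode("utf-8"), data.encode("utf-8"), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")


def signed_query(secret_key, path, params, time_ms=None):
    """Return the query string to send, with time and signature appended."""
    if time_ms is None:
        time_ms = int(time.time() * 1000)
    signature = sign_request(secret_key, path, time_ms, params)
    return urlencode(list(params) + [("time", time_ms), ("signature", signature)])


def verify_request(secret_key, path, time_ms, params, signature):
    """Recompute the signature and compare it without leaking timing."""
    expected = sign_request(secret_key, path, time_ms, params)
    return hmac.compare_digest(expected, signature)


if __name__ == "__main__":
    # Constructed sample values; a real secret key comes from the administrator.
    secret = "example-secret-key"
    path = "/geomarkGroups/gm-abcdefghijklmnopqrstuvwxyz0000bc/geomarks/add"
    params = [("geomarkId", "gm-abcdefghijklmnopqrstuv0bcislands")]
    print(signed_query(secret, path, params))
```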