Signature Generation (Deprecated)
Was this article helpful?
API queries are required to be signed in order to ensure account security.
We present these steps as an example of generating a signed API request. The query produced in this example is valid and illustrates how to compose and sign a qualified request.
For account-specific codes for Provider ID (pcode) and Secret (secret), see Your API Credentials. Your pcode is the 28-character alphanumeric string that precedes the period in the API Key. The Secret Code is 40 characters long. Both are case sensitive and include alphanumeric characters, dashes (-), and underscores (_). These codes are required to generate a signature for each request to and from the Ooyala servers.Example:
Partner Code: lsNTrbQBqCQbH-VA6ALCshAHLWrV Secret Code: hn-Rw2ZH-YwllUYkklL5Zo_7lWJVkrbShZPb5CD1
The pcode, secret code, all required parameters, and all included optional parameters are used to generate a SHA-256 signature for the call. We present this example on how to generate a signature and URI-encode the parameters for the call.
- Begin with the 40 character API Secret Code (see Your API Credentials).
- Sort the parameter names alphabetically and append
<name>=<value> pairs to the string. The
SHA-256 signature is generated with the result, which does not include the
pcode.This example uses expires=1893013926, label=any/some,
statistics=1d,2d,7d,28d,30d,31d,lifetime, status=upl,live, and
- Generate an SHA-256 digest in base 64 format on this string, truncate the string to 43
characters and drop any trailing '=' signs. URI encode the signature specifically '+','=',
and '/'. This example produces a signature of
To create the final query URL, begin with http://www.ooyala.com/api/partner? and the Partner Code from the Developers area of your Backlot Account tab. Append the query parameters in alphabetic order, separated with & and end with signature=<signature> to include the digest computed in Step 3.
All parameters must be URI-escaped before being added to the query. Parameters should be URI-escaped in the query, not when generating the signature.