Spongecell API Documentation: Authentication

Authentication and Authorization

In the Spongecell Developer API, there is a distinction between a user being authorized to access resources through the API, and the process of authentication to the API.

The Spongecell Developer API allows you to authenticate with three different sets of parameters:

  • Spongecell user name (or email address) and password, the same as on the login page.
  • Spongecell API Write Key, which can be generated below.
  • Digest (SHA1 hash) of a Shared Secret and a timestamp. Details at bottom.

The above can be used with either Authorization Tokens or the Session resource to provide temporary authorization to the authenticated user account.

API Keys

While Authorization Tokens only provide temporary authorization, an API Key provides permanent authorization, at least until it is manually removed.

The Spongecell Developer API currently supports three different types of keys:

API Key: <none>
Provides identification as a reference to your user account, but does NOT provide any access to your user data. It is required for some portions of the API.
Please log in (at top of page) to manage your API Keys.
WRITE Key: <none>
Used for authentication to your user account.
SHARED_SECRET Key: <none>
Used for authentication to your user account. In combination with a timestamp, provides authentication using a digest.

Digest Authentication

Digest Authentication provides the most secure way to authenticate to your Spongecell user account. It combines a Shared Secret with a timestamp to provide secure, time-based authentication. Even if the digest is intercepted, it will only provide temporary access to your account.

To create the digest, you need to append a timestamp to the shared secret, and then pass the result to a SHA1 hexdigest call.

Please generate a shared secret in the above section to see an example.