If you are on this page, we assume that:You already have an access key; Have knowledge on how to perform HTTP requests (for the RESTfull endpoints).
To make calls to our APIs is necessary first authenticate the request.
We think security on the web is pretty important, and recommend using HTTPS whenever possible. As part of our efforts to make the web more secure, we’ve made all of the Maplink APIs available over HTTPS. Using HTTPS encryption makes your site more secure, and more resistant to snooping or tampering.
A valid request with signature is composed of:
- Request URL: service base url / version / service ? query string
- Application code parameter
- Signature parameter
|Mandatory parameters for a signed request|
The authentication process is done upon one way cryptographic hash using the client token as the private key. Below the steps to generate the signature of your request: (examples bellow each step)
- Build the url of the request with the application code parameter
- Take the path and the query from this url (and the request body if POST request)
- Replace the ‘-’ character with ‘+’, and ‘_’ with ‘/’ on your token
- Generate the signature using the HMAC-SHA1 algorithm and the client token as key
- Make the signature url-safe, replacing ‘+’ with ‘-’ and ‘/’ with ‘_’
- Add the signature parameter with the result obtained above
/v0/search?q=Brasil&applicationCode=MyAppCode GET request
/v0/search?q=Brasil&applicationCode=MyAppCode[request_body] POST request
"token-With-Invalid_Characters" becomes: "token+With+Invalid/Characters"
Token example: c29tZSB2YWxpZCB0b2tlbg==
Signature generated using the request and token above: 79D7t0uEZU9CliTfJVZ5X/ORYss=
The signature "79D7t0uEZU9CliTfJVZ5X/ORYss=" becomes: "79D7t0uEZU9CliTfJVZ5X_ORYss="
You can see some examples of how generate signature in differents languages in the tab examples.
Examples of how to generate signature in C#, Python, Java and Node
Signature generator for GET requests
Using your credentials (application code and token/key), you can generate the signature for ad hoc testing. Fill the fields bellow with the desired API call and the credentials and press “generate signature”. A link for the API with the authentication parameters properly built, will be shown.
You can also use your token directly in the request to authenticate, however, it’s not recommended if you had not enable IP and domain validations (contact us if you need help to do it)
The request will be composed of:
- Request URL: Base service URL + version + desired query and parameters to be used in the search;