asvin components expose their services using RESTful API endpoints. They are secured using Jason Web Token(JWT). It is required to obtain a JWT from OAuth server. Only thereafter the endpoints can accessed successfully. The Login API endpoint is used to get JWT from OAuth.
The device_signature used in the The Login API is a hashed-based message authentication code (MAC). It consists of cryptographic hash function (HMAC-SHA256) and secret key. In psuedocode, it can be illustrated as HMAC-SHA256(key, message). Here, message is timestamp+device_key and key is customer_key. So, the device_signature is calculated as
device_signature = HMAC-SHA256(customer_key, timestamp+device_key)The customer_key and device_key are acquired from Customer Platform. One needs to make a account there. The code block below shows the device_signature generation.
bash
#!/bin/bash customer_key="my-customer-key" device_key="my-device-key" timestamp=$(date +%s) device_signature=$(echo -n $timestamp$device_key | openssl dgst -sha256 -hmac $customer_key) echo $device_signature
python
import hmac import hashlib from time import time customer_key = "my-customer-key" device_key = "my-device-key" timestamp = str(math.floor(time())) device_signature = hmac.new(customer_key, msg=timestamp+device_key, digestmod=hashlib.sha256).hexdigest().upper() print device_signature
js
const CryptoJS = require("crypto-js"); const dateNow = new Date(); const customerKey = "my-customer-key"; const deviceKey = "my-device-key"; const timestamp = Math.floor(dateNow.getTime() / 1000); const deviceSignature = CryptoJS.HmacSHA256(timestamp + deviceKey, customerKey).toString(CryptoJS.digest); console.log(deviceSignature)