ALTR API's authorization protocol relies on a properly formatted authorization header. The accepted format is: "ALTR " + api_key + ":" + signature. signature is a base64-encoded, SHA-256 hash that uses the API key's secret as the key for the hash function. The payload being hashed must follow the format:* HTTP-METHOD + "\n" + RESOURCE + "\n" + DATE + "\n". DATE must match X-ALTR-DATE*, and RESOURCE must match the referenceToken in the query string. An example payload for a GET request is: "GET\n" + referenceToken + "\n01-01-1970 00:00:00\n"
The datetime used in the authorization signature. If this is more than 15 minutes past the server's internal clock, the request will be rejected.
The hex-encoded MD5sum of the data that is expected to be returned.
If available and given with the file during upload, the metadata associated with the token.
date = new Date();
payload = 'GET\n' + referenceToken + '\n' + date + '\n';
API_KEY = <your API key>;
SECRET = <your API secret>;
"Authorization": "ALTR " + API_KEY + ":" + base64(hmac-sha256(payload, SECRET))