ALTR API's authorization protocol relies on a properly formatted authorization header. The accepted format is: "ALTR " + api_key + ":" + signature. signature is a base64-encoded, SHA-256 hash that uses the API key's secret as the key for the hash function. The payload being hashed must follow the format:* HTTP-METHOD + "\n" + RESOURCE + "\n" + DATE + "\n". DATE must match X-ALTR-DATE*, and RESOURCE must match the referenceToken in the query string. An example payload for a GET request is: "GET\n" + referenceToken + "\n01-01-1970 00:00:00\n"
X-ALTR-DATE
Date
The datetime used in the authorization signature. If this is more than 15 minutes past the server's internal clock, the request will be rejected.
Response
Field
Type
Description
X-Expected-Hash
String
The hex-encoded MD5sum of the data that is expected to be returned.
X-ALTR-Metadata
String
If available and given with the file during upload, the metadata associated with the token.
date = new Date();
payload = 'GET\n' + referenceToken + '\n' + date + '\n';
API_KEY = <your API key>;
SECRET = <your API secret>;
{
"X-ALTR-DATE": date,
"Authorization": "ALTR " + API_KEY + ":" + base64(hmac-sha256(payload, SECRET))
}
On success, the associated data will be returned as an octet-stream in the response's body.
Error Codes
Code
Name
Description
401
unauthorized
The API key could not be authenticated.
403
forbidden
API key does not have read permissions.
404
resource_not_found
The requested resource could not be found.
503
internal_error
The web server encountered an unexpected error.
HTTP/1.1 503 Internal Server Error
{
"success": false,
"response": {
"error_type": "internal_error",
"error_message": "Unable to process request at this time."
}
}
HTTP/1.1 401 Authentication Required
{
"success": false,
"response": {
"error_type": "unauthorized",
"error_message": "API key must be included in header."
}
}
HTTP/1.1 403 Forbidden
{
"success": false,
"response": {
"error_type": "forbidden",
"error_message": "API key does not have read permissions."
}
}
HTTP/1.1 404 Not Found
{
"success": false,
"response": {
"error_type": "resource_not_found",
"error_message": "Token could not be found."
}
}