ALTR API's authorization protocol relies on a properly formatted authorization header. The accepted format is: "ALTR " + api_key + ":" + signature. signature is a base64-encoded, SHA-256 hash that uses the API key's secret as the key for the hash function. The payload being hashed must follow the format:* HTTP-METHOD + "\n" + RESOURCE + "\n" + DATE + "\n". DATE must match X-ALTR-DATE*, and RESOURCE must match the referenceToken in the query string. An example payload for a GET request is: "GET\n" + referenceToken + "\n01-01-1970 00:00:00\n"
X-ALTR-DATE
Date
The datetime used in the authorization signature. If this is more than 15 minutes past the server's internal clock, the request will be rejected.
date = new Date();
payload = 'GET\n' + referenceToken + '\n' + date + '\n';
API_KEY = <your API key>;
SECRET = <your API secret>;
{
"X-ALTR-DATE": date,
"Authorization": "ALTR " + API_KEY + ":" + base64(hmac-sha256(payload, SECRET))
}
Success 200
Field
Type
Description
token_active
Boolean
The token's status. If false, the token cannot be fetched.
data_protected
Boolean
Whether or not the data has been fully written to the distributed ledger.
data_available
Boolean
Whether or not the data is available to be fetched. Data of size greater than 500 bytes becomes available upon the encryption key being protected. Data of size less than 500 bytes becomes available once it is written to the distributed ledger.
HTTP/1.1 503 Internal Server Error
{
"success": false,
"response": {
"error_type": "internal_error",
"error_message": "Unable to process request at this time."
}
}
HTTP/1.1 401 Authentication Required
{
"success": false,
"response": {
"error_type": "unauthorized",
"error_message": "API key must be included in header."
}
}
HTTP/1.1 404 Not Found
{
"success": false,
"response": {
"error_type": "resource_not_found",
"error_message": "Token could not be found."
}
}