Authenticating REST Requests

Query String Request Authentication

The following is an example of a query string authenticated ImageCollect REST request.


                GET /images/info.xml?fileID=1
                &AccessKeyId=0PN5X16HBGZHT7JJ3X82
                &Expires=1238598470
                &Signature=SF7y/ZXX8aSX5KnRjKnuOlP7S2k= 
                HTTP/1.1
                Host: api.imagecollect.com

The query string request authentication method doesn't require any special HTTP headers. Instead, the required authentication elements are specified as query string parameters:


Query String Parameter Name: AccessKeyId
Example Value: 0PN5X16HBGZHT7JJ3X82
Description: Your ImageCollect Access Key Id. Specifies the ImageCollect Secret Access Key used to sign the request, and (indirectly) the identity of the developer making the request.

Query String Parameter Name: Expires
Example Value: 1238598470
Description: The time when the signature expires, specified as the number of seconds since the epoch (00:00:00 UTC on January 1, 1970). A request received after this time (according to the server) will be rejected.

Query String Parameter Name: Signature
Example Value: SF7y/ZXX8aSX5KnRjKnuOlP7S2k=
Description: The URL encoding of the Base64 encoding of the HMAC-SHA1 of StringToSign.

The query string request authentication method differs slightly from the ordinary method, but only in the format of the Signature request parameter and the StringToSign element. The following pseudo-grammar illustrates the query string request authentication method.


                Signature = URL-Encode( Base64( HMAC-SHA1( UTF-8-Encoding-Of( StringToSign ) ) ) );
                StringToSign = HTTP-VERB + "\n" +
                Content-MD5 + "\n" +
                Content-Type + "\n" +
                Expires + "\n" +
                CanonicalizedResource;

Notice how the Signature is URL-Encoded to make it suitable for placement in the query-string.


This example gets the info for an image.


Request

                GET /images/info.xml?fileID=2
                &AccessKeyId=0PN5X16HBGZHT7JJ3X82
                &Expires=1238598470
                &Signature=SF7y/ZXX8aSX5KnRjKnuOlP7S2k=
                HTTP/1.1
                Host: api.imagecollect.com

StringToSign

                "GET\n" + "\n" + "\n" + "1238598470\n" +
                "/images/info.xml"
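
The signing rule above, together with the server-side Expires check described in the parameter list, as an added Python example (not ImageCollect's own code). Assumptions: the HMAC is keyed with the Secret Access Key, as the AccessKeyId description implies; `SECRET_KEY` is a constructed placeholder; the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote, unquote

# Constructed placeholder: the page does not show a Secret Access Key.
SECRET_KEY = b"EXAMPLE-SECRET-ACCESS-KEY"


def string_to_sign(verb, expires, resource, content_md5="", content_type=""):
    """Join the fields in the order given by the page's pseudo-grammar."""
    return "\n".join([verb, content_md5, content_type, str(expires), resource])


def sign(secret, verb, expires, resource):
    """Client side: URL-Encode(Base64(HMAC-SHA1(UTF-8(StringToSign))))."""
    msg = string_to_sign(verb, expires, resource).encode("utf-8")
    digest = hmac.new(secret, msg, hashlib.sha1).digest()
    return quote(base64.b64encode(digest).decode("ascii"), safe="")


def verify(secret, verb, expires, resource, signature, now=None):
    """Server side: reject expired or malformed requests, then compare."""
    now = time.time() if now is None else now
    try:
        deadline = int(expires)
    except (TypeError, ValueError):
        return False
    if now > deadline:
        return False
    expected = unquote(sign(secret, verb, deadline, resource)).encode("ascii")
    supplied = unquote(signature).encode("utf-8")
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    sig = sign(SECRET_KEY, "GET", 1238598470, "/images/info.xml")
    print("Signature parameter:", sig)
    print("valid before expiry:",
          verify(SECRET_KEY, "GET", "1238598470", "/images/info.xml", sig,
                 now=1238598000))
```

As in the page's example, the resource passed in is the path only ("/images/info.xml"), without the query string.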