ImageCollect Services
Authentication
Pictures
Events
Celebrities
Sales
Authenticating REST Requests
Query String Request Authentication
Following is an example query string authenticated ImageCollect REST request.
GET /images/info.xml?fileID=1 &AccessKeyId=0PN5X16HBGZHT7JJ3X82 &Expires=1238598470 &Signature=SF7y/ZXX8aSX5KnRjKnuOlP7S2k= HTTP/1.1 Host: api.imagecollect.com
The query string request authentication method doesn't require any special HTTP headers. Instead, the required authentication elements are specified as query string parameters:
Parameter | Query String Parameter Name | Example Value |
AccessKeyId | 0PN5X16HBGZHT7JJ3X82 | Your ImageCollect Access Key Id. Specifies the ImageCollect Secret Access Key used to sign the request, and (indirectly) the identity of the developer making the request. |
Expires | 1238598470 | The time when the signature expires, specified as the number of seconds since the epoch (00:00:00 UTC on January 1, 1970). A request received after this time (according to the server), will be rejected. |
Signature | SF7y/ZXX8aSX5KnRjKnuOlP7S2k= | The URL encoding of the Base64 encoding of the HMAC-SHA1 of StringToSign. |
The query string request authentication method differs slightly from the ordinary method but only in the format of the Signature request parameter and the StringToSign element. Following is pseudo-grammar that illustrates the query string request authentication method.
Signature = URL-Encode( Base64( HMAC-SHA1( UTF-8-Encoding-Of( StringToSign ) ) ) ); StringToSign = HTTP-VERB + "\n" + Content-MD5 + "\n" + Content-Type + "\n" + Expires + "\n" + CanonicalizedResource;
Notice how the Signature is URL-Encoded to make it suitable for placement in the query-string.
This example gets a image info.
Request |
StringToSign |
GET /images/info.xml?fileID=2 &AccessKeyId=0PN5X16HBGZHT7JJ3X82 &Expires=1238598470 &Signature=SF7y/ZXX8aSX5KnRjKnuOlP7S2k= HTTP/1.1 Host: api.imagecollect.com |
"GET\n" + "\n" + "\n" +"1238598470\n" + "/images/info.xml" |