Generating the Authentication Header When Using ScreenSteps Live API Key

The header you send with each request will look something like this:

Content-Type: application/xml
Accept: application/xml
Date: Tue, 06 Jan 2009 17:56:39 GMT
Authorization: ScreenStepsLiveAPI auth= AUTH_STRING

To create the AUTH_STRING you need the following information:

1) Your ScreenSteps Live domain.
2) The path of the resource you are requesting.
3) The date being sent in the Date header.
4) Your ScreenSteps Live API key.

Armed with the above data you create a string as follows:

SSLIVE_DOMAIN:PATH:DATE

Next create a SHA1 digest of the string using your ScreenSteps API Key as the salt. To end with you base64 encode the digest.

Here is an example in PHP that uses the Crypt_HMAC PEAR library:

$sslive_api_key = '12e5317e88';
$domain = 'example.screenstepslive.com';
$path = '/spaces/';
$httpDate = gmdate("D, d M Y H:i:s T"); // i.e. Tue, 06 Jan 2009 17:56:39 GMT
$string = $domain . ':' . $path . ':' . $httpDate;

$hasher =& new Crypt_HMAC($sslive_api_key, 'sha1');
$digest = $hasher->hash($string);
$AUTH_STRING = base64_encode(pack('H*', $digest));

$AUTH_STRING can now be passed in the Authorization header.