Security Practices
Security Tips
INFO
GUID Setup
enckey parameter with the initialization request to the 1.2 endpoint. Make sure that the length of the GUID is 36 characters or less. You will send this GUID in the enckey parameter only on init (initialization), not in any of the other requests.
[GUID]-[secret].
4a59f8ca-b304-47 and my application secret is 76489f2ba92ddf9132e28d56870004a62d30ec5b40eaf2071ae48036e7144b5f, I would want to store the string 4a59f8ca-b304-47-76489f2ba92ddf9132e28d56870004a62d30ec5b40eaf2071ae48036e7144b5f for later use for the initialization response.
SHA256 HMAC of the JSON response encoded with the application secret.
8d0a11b00f44bee4e563117db28533943f5170854f5f65e69470c59bffb7d0d5
and the JSON response is:
{
    "success":true,
    "message":"Initialized",
    "sessionid":"b8Q1f62SdW",
    "appinfo":
    {
        "numUsers":"6",
        "numOnlineUsers":"120",
        "numKeys":"1533",
        "version":"1.0",
        "customerPanelLink":"https:\/\/localhost\/panel\/wnelson03\/test\/"
    }
}
8d0a11b00f44bee4e563117db28533943f5170854f5f65e69470c59bffb7d0d5.
In my application, I compare these and abort the program if they do not match.
[GUID]-[secret].
4a59f8ca-b304-47-76489f2ba92ddf9132e28d56870004a62d30ec5b40eaf2071ae48036e7144b5f
and the JSON response is:
{
    "success":true,
    "message":"Logged in!",
    "info":
    {
        "username":"3Y8FC2-MRHKUO-U9RH8I-GNHD2U-THK4X8-PW584D",
        "subscriptions":
        [
            {
                "subscription":"default",
                "key":"3Y8FC2-MRHKUO-U9RH8I-GNHD2U-THK4X8-PW584D",
                "expiry":"1659657607"
            },
            {
                "subscription":"default",
                "key":null,
                "expiry":"1659749662"
            }
        ],
        "ip":"::1",
        "hwid":null,
        "createdate":"1659225608",
        "lastlogin":"1659363059"
    }
}
e2993347290077c90011694bf887975117bff08897106f9c501d75c48102f721
4a59f8ca-b304-47-76489f2ba92ddf9132e28d56870004a62d30ec5b40eaf2071ae48036e7144b5f
on the website HMAC SHA256 ONLINE, I get the same result as the signature e2993347290077c90011694bf887975117bff08897106f9c501d75c48102f721
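The comparison described on this page, as an added Python example (not the service's own client code): recompute the SHA256 HMAC over the raw response bytes and abort on a mismatch. It assumes the signature reaches the client as a hex string alongside the response; `signing_key`, `sign` and `verify_response` are hypothetical helper names, and the sample body and its signature are constructed.

```python
import hashlib
import hmac
import json

# GUID and application secret are the sample values quoted on this page.
GUID = "4a59f8ca-b304-47"
SECRET = "76489f2ba92ddf9132e28d56870004a62d30ec5b40eaf2071ae48036e7144b5f"


def signing_key(secret: str, guid: str, is_init: bool) -> bytes:
    """Secret alone for the init response, "[GUID]-[secret]" afterwards."""
    if not guid or len(guid) > 36:
        raise ValueError("GUID must be 1 to 36 characters")
    return (secret if is_init else f"{guid}-{secret}").encode()


def sign(raw_body: bytes, key: bytes) -> str:
    """Hex SHA256 HMAC of the exact bytes received."""
    return hmac.new(key, raw_body, hashlib.sha256).hexdigest()


def verify_response(raw_body: bytes, signature_hex: str, key: bytes) -> dict:
    """Return the parsed JSON only when the signature matches."""
    expected = sign(raw_body, key).encode()
    received = signature_hex.strip().lower().encode()
    # Constant-time comparison, done before parsing: unauthenticated bytes
    # never reach the JSON parser, and re-serialised JSON is never hashed
    # (whitespace or key-order changes would alter the HMAC).
    if not hmac.compare_digest(expected, received):
        raise ValueError("response signature mismatch")
    return json.loads(raw_body)


if __name__ == "__main__":
    key = signing_key(SECRET, GUID, is_init=False)
    # Constructed sample response and signature, not the page's values.
    body = b'{"success":true,"message":"Logged in!"}'
    good_sig = sign(body, key)
    print(verify_response(body, good_sig, key)["message"])
    try:
        verify_response(body.replace(b"true", b"false"), good_sig, key)
    except ValueError as exc:
        print("aborting:", exc)
```

Hash the bytes exactly as they came off the wire; pretty-printed JSON such as the listings on this page will not reproduce the signature of a compact response.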
Modified at 2024-02-25 16:54:43