Security & Authentication
How to handle Security and Authentication.
Important Most Learnosity services require hashing of certain attributes to prevent tampering with the intended context. This article details this approach so you can replicate it in your code. However for ease of use we provide helper SDKs in several languages and strongly recommend their use.
<html> <head> </head> <body> <?php
A valid signature is required to authenticate each Items API request, and is one of the required parameters of the Items JSON Object.
The signature is a 64 character long string, resulting from applying the SHA256 hashing algorithm to the concatenation of the following parameters in order, separated by underscores ('_'):
- domain †
- consumer_secret ‡
‡ The consumer_secret is a secret key supplied by Learnosity, known only by the client and Learnosity. The consumer_secret must not be exposed either by sending it to the browser or across the network.
$security = array( "consumer_key" => "INSERT_CONSUMER_KEY_HERE", "domain" => "demos.learnosity.com", "timestamp" => gmdate('Ymd-Hi'), ); $consumer_secret = 'INSERT_CONSUMER_SECRET_HERE';
$request = array( "mode" => "item_edit", "reference" => "myItemRef", "user" => array( "id" => "walterwhite" ) ); $signatureArray = array_merge(array(), $security); array_push($signatureArray, $consumer_secret); array_push($signatureArray, json_encode($request)); $preHashString = implode("_", $signatureArray); /* output will be: INSERT_CONSUMER_KEY_HERE_INSERT_MY_DOMAIN_HERE_20131121-1725_INSERT_CONSUMER_SECRET_HERE_INSERT_JSON_REQUEST_HERE */
The SHA256 algorithm is then applied to the concatenated string creating the signature
Further examples, as well as examples in other languages, can be found in the source code for our Demos page.
$security['signature'] = hash('sha256', $preHashString); /* output will be a hash, eg: 4b5d60ab781002473870dd4184d293dc3f71560cb69bb1422a415a522d273d1f */ $initOptions = array( "security" => $security, "request" => $request ); ?> <div id="learnosity-author"></div> <script src="//authorapi.learnosity.com?v1"></script> <script> var initOptions = <?php echo(json_encode($initOptions));?>; var authorApp = LearnosityAuthor.init(initOptions); </script> </body> </html>