Request Signing

Each request to Prodege APIs must be signed. Redirects and survey URLs can be signed as well.

The signature scheme will be built based on the following formula where StringToSign consists of all parameters included in the URL, in alphabetical order, and concatenated by a colon (:). The SecretKey will be provided to you by Prodege.

Base64(SHA256(UTF-8-Encoding-Of(SecretKey + “:” + StringToSign))),

Example (Redirect)

Base URL:

https://www.mysurveys.com/redirect

Parameters:

tId=123456789

projectId=987654321

memberId=741852963

status=1

dqid=3

surveyId=852369741

var1=h494jkfn938

var2=sjew82840dj

hash=

Secret Key:

stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2

In this example, the signature would be calculated as follows:

Base64(SHA256(UTF-8-Encoding-Of(stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2:dqid=3:memberId=741852963:projectId=987654321:status=1:surveyId=852369741:tId=123456789:var1=h494jkfn938:var2=sjew82840dj)))

End Result:

https://www.mysurveys.com/redirect?tId=123456789&projectId=987654321&memberId=741852963&status=1&dqid=3&surveyId=852369741&var1=h494jkfn938&var2=sjew82840dj&hash=nyA8bE-lQ92k4aMP7jo2AIC2_gmHHhGs3-E17rJwYCk

Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made:

Character

Replacement

+

/

_

=

EMPTY STRING

Code Examples

In Java:

       static String getProdegeMRSignature(String stringToSign, String secretKey)
       {
           //get utf8 bytes
           byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8");
           //define hashing algo
           MessageDigest digest = MessageDigest.getInstance("SHA-256");
           //generate hash
           byte[] hash = digest.digest(utf8Bytes);
           //base64
           byte[] base64Hash = Base64.encodeBase64(hash);
           //replace url-unfriendly chars
           String signature = new String(base64Hash).replace("+", "-")
                                                    .replace("/", "_")
                                                    .replace("=", "");
           return signature;
       }

In C#:


        static string GetProdegeMRSignature(string stringToSign, string secretKey)
        {
            //get utf8 bytes (important in c# since default is utf16)
            var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign);
            //define hashing algo
            var algo = new SHA256Managed();
            //generate hash
            var hashBytes = algo.ComputeHash(bytes);
            //base64
            var base64String = System.Convert.ToBase64String(hashBytes);
            //replace url-unfriendly chars
            var result = base64String.Replace("+", "-").Replace("/", "_").Replace("=", "");
            return result;
        }

In PHP#:


        function getProdegeMRSignature($stringToSign, $secretKey)
        {
                $utf8_encoded   = utf8_encode($secretKey.":".$stringToSign);
                $sha256_hash    = hash('sha256', $utf8_encoded, true);
                $base64_encoded = base64_encode($sha256_hash);
                $signature      = str_replace("+", "-"
                , str_replace("/", "_"
                , str_replace("=", "", $base64_encoded)));
                return $signature;
        }

In Python:


        from hashlib import sha256
        from base64 import b64encode
        def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str:
                utf_8_encoded = ':'.join((secret_key, string_to_sign)).encode(encoding='UTF-8')
                hashed = sha256(utf_8_encoded).digest()
                base64_encoded = b64encode(hashed).decode(encoding='UTF-8')
                return base64_encoded.replace('+', '-').replace('/', '_').replace('=', '')
PreviousRequest ExpirationNextPanelist vs. Survey Matching

Last updated