# Request Signing Each request to Prodege APIs must be signed. Redirects and survey URLs can be signed as well. The signature scheme will be built based on the following formula where StringToSign consists of all parameters included in the URL, in alphabetical order, and concatenated by a colon (:). The SecretKey will be provided to you by Prodege. Base64(SHA256(UTF-8-Encoding-Of(SecretKey + “:” + StringToSign))), ### Example (Redirect) Base URL: [ ](http://www.swagbucks.com/prodegemr/project-create) Parameters: tId=123456789 projectId=987654321 memberId=741852963 status=1 dqid=3 surveyId=852369741 var1=h494jkfn938 var2=sjew82840dj hash= Secret Key: stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2 In this example, the signature would be calculated as follows: `Base64(SHA256(UTF-8-Encoding-Of(stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2:dqid=3:memberId=741852963:projectId=987654321:status=1:surveyId=852369741:tId=123456789:var1=h494jkfn938:var2=sjew82840dj)))` End Result: `https://www.mysurveys.com/redirect?tId=123456789&projectId=987654321&memberId=741852963&status=1&dqid=3&surveyId=852369741&var1=h494jkfn938&var2=sjew82840dj&hash=nyA8bE-lQ92k4aMP7jo2AIC2_gmHHhGs3-E17rJwYCk` Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made: | Character | Replacement | | --------- | ------------ | | + | – | | / | \_ | | = | EMPTY STRING | ### Code Examples In Java: ``` static String getProdegeMRSignature(String stringToSign, String secretKey) { //get utf8 bytes byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8"); //define hashing algo MessageDigest digest = MessageDigest.getInstance("SHA-256"); //generate hash byte[] hash = digest.digest(utf8Bytes); //base64 byte[] base64Hash = Base64.encodeBase64(hash); //replace url-unfriendly chars String signature = new String(base64Hash).replace("+", "-") .replace("/", "_") .replace("=", ""); return signature; } ``` In C#: ``` static string GetProdegeMRSignature(string stringToSign, string secretKey) { //get utf8 bytes (important in c# since default is utf16) var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign); //define hashing algo var algo = new SHA256Managed(); //generate hash var hashBytes = algo.ComputeHash(bytes); //base64 var base64String = System.Convert.ToBase64String(hashBytes); //replace url-unfriendly chars var result = base64String.Replace("+", "-").Replace("/", "_").Replace("=", ""); return result; } ``` In PHP#: ``` function getProdegeMRSignature($stringToSign, $secretKey) { $utf8_encoded = utf8_encode($secretKey.":".$stringToSign); $sha256_hash = hash('sha256', $utf8_encoded, true); $base64_encoded = base64_encode($sha256_hash); $signature = str_replace("+", "-" , str_replace("/", "_" , str_replace("=", "", $base64_encoded))); return $signature; } ``` In Python: ``` from hashlib import sha256 from base64 import b64encode def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str: utf_8_encoded = ':'.join((secret_key, string_to_sign)).encode(encoding='UTF-8') hashed = sha256(utf_8_encoded).digest() base64_encoded = b64encode(hashed).decode(encoding='UTF-8') return base64_encoded.replace('+', '-').replace('/', '_').replace('=', '') ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://developer.prodege.com/surveys-feed/api-reference/authentication/request-signing.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.