Each request to Prodege APIs must be signed. Redirects and survey URLs can be signed as well.
The signature scheme will be built based on the following formula where StringToSign consists of all parameters included in the URL, in alphabetical order, and concatenated by a colon (:). The SecretKey will be provided to you by Prodege.
Base64(SHA256(UTF-8-Encoding-Of(SecretKey + “:” + StringToSign))),
Example (Redirect)
Base URL:
https://www.mysurveys.com/redirect
Parameters:
tId=123456789
projectId=987654321
memberId=741852963
status=1
dqid=3
surveyId=852369741
var1=h494jkfn938
var2=sjew82840dj
hash=
Secret Key:
stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2
In this example, the signature would be calculated as follows:
Base64(SHA256(UTF-8-Encoding-Of(stdY0rTvRj73WAdSdnaDVcs0cIwNVfJQmTJsvn5eKN3RbUVRn2:dqid=3:memberId=741852963:projectId=987654321:status=1:surveyId=852369741:tId=123456789:var1=h494jkfn938:var2=sjew82840dj)))
End Result:
https://www.mysurveys.com/redirect?tId=123456789&projectId=987654321&memberId=741852963&status=1&dqid=3&surveyId=852369741&var1=h494jkfn938&var2=sjew82840dj&hash=nyA8bE-lQ92k4aMP7jo2AIC2_gmHHhGs3-E17rJwYCk
Note: As the result of SHA256 can have characters that cannot be passed un-encoded as a query string parameter, the following character replacements must be made:
Code Examples
In Java:
Copy static String getProdegeMRSignature(String stringToSign, String secretKey)
{
//get utf8 bytes
byte[] utf8Bytes = (secretKey + ":" + stringToSign).getBytes("UTF-8");
//define hashing algo
MessageDigest digest = MessageDigest.getInstance("SHA-256");
//generate hash
byte[] hash = digest.digest(utf8Bytes);
//base64
byte[] base64Hash = Base64.encodeBase64(hash);
//replace url-unfriendly chars
String signature = new String(base64Hash).replace("+", "-")
.replace("/", "_")
.replace("=", "");
return signature;
}
In C#:
Copy
static string GetProdegeMRSignature(string stringToSign, string secretKey)
{
//get utf8 bytes (important in c# since default is utf16)
var bytes = Encoding.UTF8.GetBytes(secretKey + ":" + stringToSign);
//define hashing algo
var algo = new SHA256Managed();
//generate hash
var hashBytes = algo.ComputeHash(bytes);
//base64
var base64String = System.Convert.ToBase64String(hashBytes);
//replace url-unfriendly chars
var result = base64String.Replace("+", "-").Replace("/", "_").Replace("=", "");
return result;
}
In PHP#:
Copy
function getProdegeMRSignature($stringToSign, $secretKey)
{
$utf8_encoded = utf8_encode($secretKey.":".$stringToSign);
$sha256_hash = hash('sha256', $utf8_encoded, true);
$base64_encoded = base64_encode($sha256_hash);
$signature = str_replace("+", "-"
, str_replace("/", "_"
, str_replace("=", "", $base64_encoded)));
return $signature;
}
In Python:
Copy
from hashlib import sha256
from base64 import b64encode
def get_prodegemr_signature(string_to_sign: str, secret_key: str) -> str:
utf_8_encoded = ':'.join((secret_key, string_to_sign)).encode(encoding='UTF-8')
hashed = sha256(utf_8_encoded).digest()
base64_encoded = b64encode(hashed).decode(encoding='UTF-8')
return base64_encoded.replace('+', '-').replace('/', '_').replace('=', '')