How to generate Imagga API call signature

The signature serve as simple and secure scheme to protect your call against spoofing and other identity thieft attacks. The signature is generated by hashing the API call paramers' names and their values and the API customer secret as explained below.

Contents

Generating API call signature

Algorithm

Here is the algorithm that you should use to generate the sig parameter in your API calls. The required steps are represented in a language-independent text form.

Algorithm for the signature generation:

Intput:
	The parameters of the API call as key-value array
	API secret string

Algorithm:
	1. Start with an empty result string
	
	2. Sort the parameters array by key (in ascending alphabetical order)

	3. Concatenate all paramters' keys-values pairs (separated with the "=" character) to the result string

	4. Concatenate the API secret string at the end of the result string

Output:
	The MD5 hash of the final concatenated result string

In the PHP Kit

It the "lib" folder of our PHP kit there is a PHP script file (whose name may vary depending on the kit). This file contains the API client methods and some helper/utility functions. The code snippet from this file, that implements the generation of the proper API call signature, is given below. If you can read but don't use PHP code, you can still use the code below (along with the algorithm description above) as a reference for implementation in other languages.

The signature generation snippet in the PHP client library:
// some other code here ...

public static function generate_sig($params_array, $secret)
{
	$str = '';
	ksort($params_array);
	// Note: here we assume that the signature parameter is NOT already included in $params_array.	
	foreach ($params_array as $k=>$v)
	{
		$str .= "$k=$v";
	}
	$str .= $secret;
	return md5($str);
}

// some other code here ...

Signature "Calculator"

  • API Secret
  • Raw API signiture:
  • Hashed API signiture: