Common definitions

Authentification

Calls sent from operator server to hizi.io Server (Backend) will be authenticated via HTTP request header fields

HTTP request header fields sent

X-H-AUTH-ID Operator ID

X-H-AUTH-SIG Signature of payload (details see Signing payloads)

X-H-TIMESTAMP a timestamp in ISO_8601 timestamp format

Calls sent from hizi.io Server (Backend) to operator server will be authenticated via HTTP request header fields

HTTP request header fields sent

X-H-AUTH-ID Operator ID

X-H-AUTH-SIG Signature of payload (details see Signing payloads)

X-H-TIMESTAMP a timestamp in ISO_8601 timestamp format

Signing payloads

You will need a secret with which to sign requests. This secret can be queried by logging in with your credential to the hizi.io backoffice. The signature is a base 64 encoded sha256 HMAC digest of a defined set of parameters of the request. This allows sharing the secret, without including it in the request. Also a timestamp has to be provided as a request header field which has to be included in the signature. Fields should be concatenated with a hash character (#) before calculating the sha256 HMAC.

The signature is always sent with every request using the request header field X-H-AUTH-SIG. For an example implementation of creating signatures login to the hizi.io back office and look at the sample codes provided.

Common definitions ​

Authentification ​

Signing payloads ​

Common definitions

Authentification

Signing payloads