✍️ Learn how to sign requests
Signature hash protocol
In order to authenticate a partner, some Withings APIs use a hash value as a signature. The signature consists of the following parameters:
action
client_id
nonce
To generate a signature please follow these steps:
- Generate a valid nonce using the service Signature v2 - Getnonce
- Sort the values alphabetically by key name: action -> client_id -> nonce
- Generate a string by concatenating values separated by a comma. The string should look this this: value1,value2,value3.
- Apply an HMAC hashing function on the string using the algorithm
sha256
and your partner'sclient_secret
(available in your Withings partner dashboard) as a secret key. - Add the hash string in the parameters under the
signature
key.
Example
Example of signature generation in PHP
language:
<?php
$client_secret = 'My Partner Registration Client Secret';
$client_id = 'My Partner Registration Client Id';
$nonce = 'The nonce I retrieved using service: Signature v2 - Getnonce';
$signed_params = array(
'action' => 'activate',
'client_id' => $client_id,
'nonce' => $nonce,
);
ksort($signed_params);
$data = implode(",", $signed_params);
$signature = hash_hmac('sha256', $data, $client_secret);
$call_post_params = array(
// Set the generated signature
'signature' => $signature,
// Set the signed parameters as clear text in the call post parameters
'action' => 'activate',
'client_id' => $client_id,
'nonce' => $nonce,
// Set other parameters requested to call the service (here we are calling "User v2 - Activate")
'redirect_uri' => 'https://www.withings.com',
'birthdate' => 1563746400
// [...]
);
// Then call the service by using the $call_post_params array as post parameters
?>