Let's Chat?

Login Key Samples

Visit Glance Login Key Check to view an HTML page with a form to generate and test login keys.

The page may be saved and used locally since the key generation is carried out in the browser-side Javascript, and the page does not make server requests. To see working code that generates a Login Key, please refer to the Javascript source.

Typically, key generation will be done by server-side code to protect the API Key.

JavaScript Example

To use this Javascript function in a browser you must load the crypto-js.js script from the crypto-js package. It may be available on a content delivery network like cdnjs.

CryptoJS.enc.Base64._map = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_=';
function GenerateLoginKey(partnerId, partnerUserId, expirationSeconds, apikey) {
    var version = 1;
    var expiration = Math.round(Date.now()*0.001) + expirationSeconds;
    var keystring = partnerId.toString()
           + partnerUserId.toString()
           + version.toString()
           + expiration.toString();
    var hmac = CryptoJS.HmacSHA256(keystring, apikey);
    var hmacb64 = hmac.toString(CryptoJS.enc.Base64);
    var loginkey = "$" + version
           + "$" + expiration
           + "$" + hmacb64.substr(0, 43);
    console.log(loginkey)
}

GenerateLoginKey(98765, "UserId", 7200, "RedactedApiKey")

To use it in server code on a nodejs server:

  1. run npm include crypto-js --save in your project.
  2. put this require() line before the function.
var CryptoJS = require("crypto-js");

var HmacSHA256 = require('crypto-js/hmac-sha256') var Base64 = require('crypto-js/enc-base64')

C# Example

public static string GenerateLoginKey(int partnerId, string partnerUserId,
                                      int expirationSeconds, string apikey)
{
    const int ver        = 1;

    DateTime expires     = DateTime.Now.AddSeconds(expirationSeconds);
    DateTime epoch       = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
    int     expiration   = Convert.ToInt32((expires.ToUniversalTime() - epoch).TotalSeconds);

    string message       = partnerId.ToString() + partnerUserId.ToString() + ver.ToString()
                                                 + expiration.ToString();
    var    encoding      = new System.Text.UTF8Encoding();
    var    hmac          = new System.Security.Cryptography.HMACSHA256(encoding.GetBytes(apikey));

    string hash          = Convert.ToBase64String(hmac.ComputeHash(encoding.GetBytes(message)));

    hash = hash.Substring(0, 43).Replace('+', '-').Replace('/', '_');   // base64url no padding

    string loginkey      = '$' + ver.ToString() + '$' + expiration.ToString() + '$' + hash;
    return loginkey;
}

Java Example

import java.nio.charset.StandardCharsets;
import java.time.Instant;
import javax.crypto.Mac;
import javax.crypto.spec.*;
import java.util.Base64;
public class LoginKey {
    public static void main(String[] args) {
      String key = GenerateLoginKey(1, "bronan", 7200, "RedactedApiKey");
      System.out.println(key);
    }
    public static String GenerateLoginKey(int partnerId, String partnerUserId,
                                          int expirationSeconds, String apikey) {
      int ver = 1;
      int timestamp = Math.toIntExact(Instant.now().getEpochSecond());
      int expiration = timestamp + expirationSeconds;
      String message = String.valueOf(partnerId)
                    + String.valueOf(partnerUserId)
                    + String.valueOf(ver)
                    + String.valueOf(expiration);
      try {
        Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
        SecretKeySpec secret_key =
            new SecretKeySpec(apikey.getBytes(StandardCharsets.UTF_8),
                             "HmacSHA256");
        sha256_HMAC.init(secret_key);
        String hash = Base64
               .getEncoder()
               .encodeToString(sha256_HMAC
               .doFinal(message
               .getBytes()));
        hash = hash.substring(0, 43)
                .replace('+', '-')
                .replace('/', '_');
        return '$' + String.valueOf(ver)
             + '$' + String.valueOf(expiration)
             + '$' + hash;
        } catch (Exception e) {
            System.out.print(e.getMessage());
            return "Error";
        }
    }
}

Python Example

import time
import hmac
from hashlib import sha256
import base64

def generateLoginKey(partnerId, partnerUserId, expirationSeconds, apikey):
    ver = 1
    timestamp = int(time.time())
    expiration = timestamp + expirationSeconds
    message = str(partnerId) \
            + str(partnerUserId) \
            + str(ver) \
            + str(expiration)
    hmac_bytes = hmac.new(bytes(apikey, "utf-8"), \
                          msg=bytes(message, "utf-8"), \
                          digestmod=sha256) \
                     .digest()
    hash = base64.b64encode(hmac_bytes).decode('ascii')
    hash = hash[:43].replace('+', '-').replace('/', '_')
    return '$' + str(ver) \
         + '$' + str(expiration) \
         + '$' + hash

print(generateLoginKey(98765, "UserId", 7200, "RedactedApiKey"))

By continuing to use the site, you agree to the use of cookies. Learn More