🔒Authorization

Authorization

To ensure the security and privacy of API access, all requests to our service must be accompanied by a valid authorization token. This token is provided in the HTTP header with the name "X-Authorization-Token".

Generating the Token:

1. Token Structure: The token is generated based on plain text in the format: <operator_token>:<secret_key>. Here:

   • <operator_token>: A unique identifier assigned to the operator or client.

   • <secret_key>: A secret passphrase or string assigned to the operator or client for authentication purposes.

2. Encryption: This plain text should be encrypted using AES-256 encryption to produce the final token value.

Example:

If an operator has the following details:

• operator_token: abc123

• secret_key: mysecretkey

The plain text to be encrypted will be: abc123:mysecretkey.

1. Including the Token in Requests: When making a request to the API, include the encrypted token in the header as:

Encryption key: MNzLhy68lkH418xGYFE41XkKvoiRr2FX

X-Authorization-Token: [Encrypted-Token-Value]

Note: It's essential to ensure the security of the <secret_key> and the encrypted token, as possession of either could allow unauthorized access to the API.

List of encryption example:

• Encryption example by PHP

• Encryption example by NODE.js

• Encryption example by GO