Secret
is presented to the user exactly this one time. Once the user closes the dialog, this information can never be retrieved. It is extremely critical for application security that this secret be never transmitted on the wire.AccessKeyTestClient
/ accessKeyTestClient
to run test methods to verify that the keys you have copied are valid.25 seconds
is tolerated. Time values differing from the server time more than that duration are aborted immediately.Nonce
. This value cannot be repeated in any request executed in the last 35 seconds (calculated against server time). A value generated with sufficient entropy need not worry about this constraint - it is statistically guaranteed to have not repeated.Auth <access-key>:<digest>
where <access-key>
is the generated access key and <digest>
0xB
):HmacSha1
digest of the string.node.js
is available here: https://git.mitter.io/mitter-io/mitter-ts-node/blob/master/src/auth/AccessKeySigner.tsX-Mitter-Application-Id
in the request with the application id as the value.X-Mitter-Sudo-User-Id
can also be provided to make the request behave as if it was performed by the user. For instance, given a user with user ID 7479a76c-a9db-47ff-871e-af6c1f7155e1
, the following request is the same as performing the request while using one of the user tokens generated by the user:NOTE To prevent systematic abuse, subscriber access keys are only provided on a case-by-case basis. If you have identified a use for the same, please reach out to [email protected] with your use case to request subscriber access keys.
X-Mitter-Sudo-Application-Id
header. For example, a request to GET /v1/channels/my-channel/messages
would now look like:403
status and error code missing_context
.Authorization
header, Date
, Nonce
, Content-MD5
, etc. must also be provided as specified in the Signing Algorithm section.