Secretis presented to the user exactly this one time. Once the user closes the dialog, this information can never be retrieved. It is extremely critical for application security that this secret be never transmitted on the wire.
accessKeyTestClientto run test methods to verify that the keys you have copied are valid.
25 secondsis tolerated. Time values differing from the server time more than that duration are aborted immediately.
Nonce. This value cannot be repeated in any request executed in the last 35 seconds (calculated against server time). A value generated with sufficient entropy need not worry about this constraint - it is statistically guaranteed to have not repeated.
<access-key>is the generated access key and
HmacSha1digest of the string.
X-Mitter-Application-Idin the request with the application id as the value.
X-Mitter-Sudo-User-Idcan also be provided to make the request behave as if it was performed by the user. For instance, given a user with user ID
7479a76c-a9db-47ff-871e-af6c1f7155e1, the following request is the same as performing the request while using one of the user tokens generated by the user:
NOTE To prevent systematic abuse, subscriber access keys are only provided on a case-by-case basis. If you have identified a use for the same, please reach out to [email protected] with your use case to request subscriber access keys.
X-Mitter-Sudo-Application-Idheader. For example, a request to
GET /v1/channels/my-channel/messageswould now look like:
403status and error code
Content-MD5, etc. must also be provided as specified in the Signing Algorithm section.