The PAVE API requires authentication for all API calls, which is achieved through the use of an HMAC-SHA256 message hash as a header within the request.
Introduction
This section provides the details on how to use the curl command to access the PAVE OpenAPI sessions endpoint using API-Key, API-Token, and API-Timestamp headers. The API-Key and API-Token are used for authentication purposes, and the API-Timestamp is used for ensuring the freshness of the request.
Endpoint
https://openapi.paveapi.com/v1/sessions
HMAC-SHA256
HMAC (Keyed-Hash Message Authentication Code) is a cryptographic technique that calculates a message authentication code by combining a cryptographic hash function with a secret key. In the case of the PAVE Capture API, the cryptographic hash function used is SHA256, resulting in the algorithm known as HMAC-SHA256.
Prerequisites
A valid API Key and API Token should be obtained before accessing the API endpoint.
curl must be installed on your system.
Steps to Use curl
Open a terminal or command prompt.
Use the following curl command to access the API endpoint:
Replace <Your_Generated_Access_Token> with your API Token.
Replace <UTC_Datetime_String> with the UTC datetime in the format YYYY-MM-DDTHH:MM:SSZ. For example, 2023-02-11T12:00:00Z.
Execute the curl command.
The API endpoint will return a JSON object containing the session data.
Headers
The following headers are required for each API request:
Header Name
Description
API-Key
Your API Key, which is used to identify your account and provide access to the API.
API-Token
A generated access token, which is used to authenticate your API request.
API-Timestamp
The UTC datetime string, which is used to verify the freshness of your request.
Note
Make sure to replace the placeholders with the actual values before executing the curl command.
Ensure that the UTC datetime string in the API-Timestamp header is accurate and up-to-date, as it is used for ensuring the freshness of the request.
API-Token: will expire within 5 minutes.
Response
If the request is successful, the API server will return a JSON object that contains the session information, including the session ID, expiration time, and the associated API Key and access token.