# Generate Access Token

Create access token by using [**`HMAC-SHA256`**](https://en.wikipedia.org/wiki/HMAC)

An access token can be generated by combining the api\_key and timestamp string with the provided api\_secret.

| Attribute        | Description                                        |
| ---------------- | -------------------------------------------------- |
| **`api_key`**    | Get it from your PAVE Developer dashboard          |
| **`api_secret`** | Get it from your PAVE Developer dashboard          |
| **`timestamp`**  | UTC Datetime string, example: 2021-05-30T12:49:19Z |

### Examples in Different Languages:

{% tabs %}
{% tab title="PHP" %}

```php
$token = hash_hmac('sha256', '<username>:<api_key>@<timestamp>', '<api_secret');
// https://www.php.net/manual/en/function.hash-hmac.php
```

{% endtab %}

{% tab title="Javascript" %}

```javascript
const crypto = require('crypto');

const apiKey = 'your_api_key';
const apiSecret = 'your_api_secret';
const username = 'your_username';
const timestamp = Math.floor(Date.now() / 1000); // current Unix timestamp in seconds

const message = `${username}:${apiKey}@${timestamp}`;
const accessToken = crypto.createHmac('sha256', apiSecret).update(message).digest('hex');
```

{% endtab %}

{% tab title="Python" %}

```python
import hashlib
import hmac
import time

api_key = 'your_api_key'
api_secret = 'your_api_secret'
username = 'your_username'
timestamp = str(int(time.time())) # current Unix timestamp in seconds

message = f'{username}:{api_key}@{timestamp}'
access_token = hmac.new(api_secret.encode('utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
```

{% endtab %}

{% tab title="Golang" %}

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

func main() {
	apiKey := "your_api_key"
	apiSecret := "your_api_secret"
	username := "your_username"
	timestamp := time.Now().Unix()

	message := fmt.Sprintf("%s:%s@%d", username, apiKey, timestamp)
	hmac := hmac.New(sha256.New, []byte(apiSecret))
	hmac.Write([]byte(message))
	access_token := hex.EncodeToString(hmac.Sum(nil))

	fmt.Println(signature) // prints the HMAC-SHA256 signature
}
```

{% endtab %}

{% tab title="Swift" %}

```swift
import CommonCrypto
import Foundation

func hmacSha256(message: String, key: String) -> String {
    let messageData = message.data(using: .utf8)!
    let keyData = key.data(using: .utf8)!
    var hmacData = Data(count: Int(CC_SHA256_DIGEST_LENGTH))

    hmacData.withUnsafeMutableBytes { hmacPtr in
        CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), (keyData as NSData).bytes, keyData.count, (messageData as NSData).bytes, messageData.count, hmacPtr)
    }

    return hmacData.map { String(format: "%02hhx", $0) }.joined()
}

let apiKey = "your_api_key"
let apiSecret = "your_api_secret"
let username = "your_username"
let timestamp = String(Int(Date().timeIntervalSince1970))

let message = "\(username):\(apiKey)@\(timestamp)"
let accessToken = hmacSha256(message: message, key: apiSecret)
```

{% endtab %}

{% tab title="Kotlin" %}

```kotlin
import java.nio.charset.StandardCharsets
import java.security.Key
import java.security.MessageDigest
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

fun main() {
    val apiKey = "your_api_key"
    val apiSecret = "your_api_secret"
    val username = "your_username"
    val timestamp = (System.currentTimeMillis() / 1000).toString()

    val message = "$username:$apiKey@$timestamp"
    val accessToken = hmacSha256(message, apiSecret)    
}

fun hmacSha256(message: String, key: String): String {
    val secretKey = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "HmacSHA256")
    val mac = Mac.getInstance("HmacSHA256")
    mac.init(secretKey)
    val hmac = mac.doFinal(message.toByteArray(StandardCharsets.UTF_8))
    return bytesToHex(hmac)
}

fun bytesToHex(bytes: ByteArray): String {
    return bytes.joinToString("") { "%02x".format(it) }
}
```

{% endtab %}
{% endtabs %}

{% hint style="info" %}
To generate the correct token, please make sure the combination string you are using with the 1) api\_key, 2) timestamp and 3) api\_secret are arranged in this order.
{% endhint %}

{% hint style="info" %}
To generate the correct token, please ensure your timestamp is using UTC Datetime. And use the matching timestamp to the one included in your header when generating your token.
{% endhint %}

{% hint style="info" %}
Replace&#x20;

```php
<username>
```

&#x20;with the primary account name that your representative initially provided. Do not set this as one of the user names you created in your dashboard.
{% endhint %}