Generate Access Token
Implementation Examples of Access Token Generation in Various Programming Languages
Create access token by using HMAC-SHA256
An access token can be generated by combining the api_key and timestamp string with the provided api_secret.
Attribute
Description
api_key
Get it from your PAVE Developer dashboard
api_secret
Get it from your PAVE Developer dashboard
timestamp
UTC Datetime string, example: 2021-05-30T12:49:19Z
Examples in Different Languages:
$token = hash_hmac('sha256', '<username>:<api_key>@<timestamp>', '<api_secret');
// https://www.php.net/manual/en/function.hash-hmac.php
const crypto = require('crypto');
const apiKey = 'your_api_key';
const apiSecret = 'your_api_secret';
const username = 'your_username';
const timestamp = Math.floor(Date.now() / 1000); // current Unix timestamp in seconds
const message = `${username}:${apiKey}@${timestamp}`;
const accessToken = crypto.createHmac('sha256', apiSecret).update(message).digest('hex');
import hashlib
import hmac
import time
api_key = 'your_api_key'
api_secret = 'your_api_secret'
username = 'your_username'
timestamp = str(int(time.time())) # current Unix timestamp in seconds
message = f'{username}:{api_key}@{timestamp}'
access_token = hmac.new(api_secret.encode('utf-8'), msg=message.encode('utf-8'), digestmod=hashlib.sha256).hexdigest()
package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"fmt"
"time"
)
func main() {
apiKey := "your_api_key"
apiSecret := "your_api_secret"
username := "your_username"
timestamp := time.Now().Unix()
message := fmt.Sprintf("%s:%s@%d", username, apiKey, timestamp)
hmac := hmac.New(sha256.New, []byte(apiSecret))
hmac.Write([]byte(message))
access_token := hex.EncodeToString(hmac.Sum(nil))
fmt.Println(signature) // prints the HMAC-SHA256 signature
}
import CommonCrypto
import Foundation
func hmacSha256(message: String, key: String) -> String {
let messageData = message.data(using: .utf8)!
let keyData = key.data(using: .utf8)!
var hmacData = Data(count: Int(CC_SHA256_DIGEST_LENGTH))
hmacData.withUnsafeMutableBytes { hmacPtr in
CCHmac(CCHmacAlgorithm(kCCHmacAlgSHA256), (keyData as NSData).bytes, keyData.count, (messageData as NSData).bytes, messageData.count, hmacPtr)
}
return hmacData.map { String(format: "%02hhx", $0) }.joined()
}
let apiKey = "your_api_key"
let apiSecret = "your_api_secret"
let username = "your_username"
let timestamp = String(Int(Date().timeIntervalSince1970))
let message = "\(username):\(apiKey)@\(timestamp)"
let accessToken = hmacSha256(message: message, key: apiSecret)
import java.nio.charset.StandardCharsets
import java.security.Key
import java.security.MessageDigest
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
fun main() {
val apiKey = "your_api_key"
val apiSecret = "your_api_secret"
val username = "your_username"
val timestamp = (System.currentTimeMillis() / 1000).toString()
val message = "$username:$apiKey@$timestamp"
val accessToken = hmacSha256(message, apiSecret)
}
fun hmacSha256(message: String, key: String): String {
val secretKey = SecretKeySpec(key.toByteArray(StandardCharsets.UTF_8), "HmacSHA256")
val mac = Mac.getInstance("HmacSHA256")
mac.init(secretKey)
val hmac = mac.doFinal(message.toByteArray(StandardCharsets.UTF_8))
return bytesToHex(hmac)
}
fun bytesToHex(bytes: ByteArray): String {
return bytes.joinToString("") { "%02x".format(it) }
}
To generate the correct token, please make sure the combination string you are using with the 1) api_key, 2) timestamp and 3) api_secret are arranged in this order.
To generate the correct token, please ensure your timestamp is using UTC Datetime. And use the matching timestamp to the one included in your header when generating your token.
Replace
<username>
with the primary account name that your representative initially provided. Do not set this as one of the user names you created in your dashboard.
Last updated