Cloud4mobile’s Operation API is available for use by partners. Here you will find articles to guide you in the correct use of this API.
Authentication
The authentication process is a signature over every message you exchange with our servers, so each request made to the API needs to calculate its own authentication token. You cannot reuse the same token across calls. All API requests need to add the following authentication header:
Autentication: Bearer token_base_64
Token details
The Bearer token contains these fields:
{
"consumer_key":"key_value",
"nonce":"nonce_value",
"timestamp":unix_time,
"version":"1.0",
"signature":"signature_value"
}
About the fields:
- key_value: the value of the Consumer Key associated with your Environment. You can find this value in the Admin Portal, in the section WebAPI Access Token.
- nonce_value: a unique value per request. Change this value every time you make a request to the Operation API; it must be a value that has never been used before. This field prevents someone who intercepts your message from reusing it later (eavesdropping, more here: http://en.wikipedia.org/wiki/Eavesdropping). About nonces: http://en.wikipedia.org/wiki/Cryptographic_nonce.
- unix_time: the timestamp of the request, that is, the current date and time in Unix time. This value prevents reuse of a message captured in the past. The server has a tolerance of 2 hours.
- signature_value: the Base64 result of the following calculation: HMACSHA256(secret_value + key_value + nonce_value + unix_time + "1.0" + http_verb + request_url). Note that secret_value must be used as the key for HMACSHA256 to generate the signature.
New fields used in the signature calculation:
- secret_value: the value of the Consumer Secret. You obtain it the same way you obtained the Consumer Key. As the name suggests, the Consumer Secret should not be shared.
- http_verb: the HTTP verb used in the request (GET, POST, PUT, DELETE). Including it prevents a malicious party from turning your request into something else entirely, for instance changing a GET into a DELETE. This field should be in upper case.
- request_url: the complete URL used to access the resource, for example: https://api.cloud4mobile.com.br/devices?status=1. This also guards against attempts to intercept and modify your request before it arrives at the server. This field should also be in all caps.
Code samples about Bearer token generation:
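The following Python sketch is an added example, not one of Cloud4mobile's own samples: it builds the token described above and runs the receiver-side checks the fields exist for (signature, timestamp tolerance, nonce reuse). Assumptions: secret_value is used only as the HMAC key, the remaining fields are concatenated as UTF-8 with no separator, and token_base_64 is standard Base64 of the JSON object; verify_token and its arguments are hypothetical and do not describe the actual server.

```python
import base64, hashlib, hmac, json, secrets, time

TOLERANCE = 2 * 60 * 60  # server tolerance stated on the page: 2 hours


def _sign(secret, key, nonce, ts, verb, url):
    # Assumption: secret_value is the HMAC key only; the message is the other
    # fields concatenated as UTF-8, verb and URL upper-cased as the page asks.
    msg = f"{key}{nonce}{ts}1.0{verb.upper()}{url.upper()}"
    mac = hmac.new(secret.encode(), msg.encode(), hashlib.sha256).digest()
    return base64.b64encode(mac).decode()


def build_token(key, secret, verb, url, nonce=None, ts=None):
    """Return token_base_64 for one request; a fresh nonce is drawn per call."""
    nonce = nonce or secrets.token_hex(16)
    ts = int(time.time()) if ts is None else ts
    fields = {"consumer_key": key, "nonce": nonce, "timestamp": ts,
              "version": "1.0", "signature": _sign(secret, key, nonce, ts, verb, url)}
    return base64.b64encode(json.dumps(fields).encode()).decode()


def verify_token(token, secrets_by_key, seen_nonces, verb, url, now=None):
    """Hypothetical receiver-side check; returns 'ok' or the rejection reason."""
    now = int(time.time()) if now is None else now
    try:
        f = json.loads(base64.b64decode(token, validate=True))
        ts = int(f["timestamp"])
        expected = _sign(secrets_by_key[f["consumer_key"]], f["consumer_key"],
                         f["nonce"], f["timestamp"], verb, url)
    except (ValueError, KeyError, TypeError):
        return "malformed"
    if not hmac.compare_digest(expected.encode(), str(f["signature"]).encode()):
        return "bad signature"      # verb, URL or a signed field was altered
    if abs(now - ts) > TOLERANCE:
        return "stale timestamp"    # captured message replayed too late
    if (f["consumer_key"], f["nonce"]) in seen_nonces:
        return "nonce reused"       # replay inside the tolerance window
    seen_nonces.add((f["consumer_key"], f["nonce"]))
    return "ok"


if __name__ == "__main__":
    # Constructed demo values, not real credentials.
    url, keys, seen = "https://api.cloud4mobile.com.br/devices?status=1", {"demo-key": "demo-secret"}, set()
    tok = build_token("demo-key", "demo-secret", "GET", url)
    print(verify_token(tok, keys, seen, "GET", url))       # first use
    print(verify_token(tok, keys, seen, "GET", url))       # same token again
    print(verify_token(tok, keys, set(), "DELETE", url))   # verb changed in transit
```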
API Documentation
See more at API Documentation (Swagger).