Authentication

The widget expects an authCode to be included as part of the config object. The value of the the authentication code should be a hash of your application's secret and the user's externalId field using the HMAC-SHA256 hashing function. The Notifly server also computes the hash value and checks that the two values match. If successful the server returns a token which is then used to authenticate future requests. If the hashes do not match the server returns 401 status code.

Code examples

Python
Javascript (Node.js)
Ruby
Python
import hashlib
import hmac
authCode = hmac.new(
NOTIFLY_APP_SECRET.encode('utf-8'),
str(user.id).encode('utf-8'),
digestmod=hashlib.sha256,
).hexdigest()
# The `.encode` here assume that you use Python 3
# and that `NOTIFLY_APP_SECRET` is a `str`-object
# (which would be `unicode` in Python 2).
Javascript (Node.js)
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', NOTIFLY_APP_SECRET);
hmac.update(user.id);
// WARNING: Never calculate this in the frontend!
// It would expose your Notifly app secret and
// allow users to send arbitrary notifications
// to all users of your app.
Ruby
require 'openssl'
OpenSSL::HMAC.hexdigest('sha256', NOTIFLY_APP_SECRET, user.id)

For other languages check: https://gist.github.com/thewheat/7342c76ade46e7322c3e