Authentication

The widget expects an authCode to be included as part of the config object. The value of the the authentication code should be a hash of your application's secret and the user's externalId field using the HMAC-SHA256 hashing function. The Notifly server also computes the hash value and checks that the two values match. If successful the server returns a token which is then used to authenticate future requests. If the hashes do not match the server returns 401 status code.

Code examples

import hashlib
import hmac

authCode = hmac.new(
    NOTIFLY_APP_SECRET.encode('utf-8'),
    str(user.id).encode('utf-8'),
    digestmod=hashlib.sha256,
).hexdigest()

# The `.encode` here assume that you use Python 3
# and that `NOTIFLY_APP_SECRET` is a `str`-object
# (which would be `unicode` in Python 2).

const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', NOTIFLY_APP_SECRET);
hmac.update(user.id);

// WARNING: Never calculate this in the frontend!
// It would expose your Notifly app secret and
// allow users to send arbitrary notifications
// to all users of your app.

require 'openssl'

OpenSSL::HMAC.hexdigest('sha256', NOTIFLY_APP_SECRET, user.id)

For other languages check: https://gist.github.com/thewheat/7342c76ade46e7322c3e

PreviousStatic pages (HTML)NextAPI Reference

Last updated 4 years ago