Notifly
  • Welcome
  • Admin dashboard
    • Overview
    • Notification settings page
    • In-app settings
    • Template variables
    • Notification bundling
  • Widget
    • Introduction
    • Installation
      • Single page applications
      • Static pages (HTML)
    • Authentication
  • Notifly API
    • API Reference
    • Authentication
    • Response codes
    • User
    • Notification
Powered by GitBook
On this page

Was this helpful?

  1. Widget

Authentication

PreviousStatic pages (HTML)NextAPI Reference

Last updated 5 years ago

Was this helpful?

The widget expects an authCode to be included as part of the config object. The value of the the authentication code should be a hash of your application's secret and the user's externalId field using the hashing function. The Notifly server also computes the hash value and checks that the two values match. If successful the server returns a token which is then used to authenticate future requests. If the hashes do not match the server returns 401 status code.

Code examples

import hashlib
import hmac

authCode = hmac.new(
    NOTIFLY_APP_SECRET.encode('utf-8'),
    str(user.id).encode('utf-8'),
    digestmod=hashlib.sha256,
).hexdigest()

# The `.encode` here assume that you use Python 3
# and that `NOTIFLY_APP_SECRET` is a `str`-object
# (which would be `unicode` in Python 2).
const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', NOTIFLY_APP_SECRET);
hmac.update(user.id);

// WARNING: Never calculate this in the frontend!
// It would expose your Notifly app secret and
// allow users to send arbitrary notifications
// to all users of your app.
require 'openssl'

OpenSSL::HMAC.hexdigest('sha256', NOTIFLY_APP_SECRET, user.id)

For other languages check:

HMAC-SHA256
https://gist.github.com/thewheat/7342c76ade46e7322c3e