Skip to content

Authorization on backend

REST hooks may be authorized on backend if necessary. This feature is enabled on WCS side with following parameter in flashphoner.properties file

rest_hook_send_hash=true

The secret key has also to be set

rest_hook_secret_key=1234567890

While sending REST request, WCS calculates HMAC md5 hash of request body and places hash to the header

Authorization: WCS f2a40d5f3ec6a43d294a11c1746d3801

Here f2a40d5f3ec6a43d294a11c1746d3801 is a hash example

The backend server that receives REST request, must calculate HMAC md5 hash of request body using secret key and compare this hash with received one in request header. If hashes are equal, the request is authorized and server must respond to it according REST hook type, restClientConfig settings etc. If hashes are not equal, server must return 403 Forbidden.