Custom Auth Scheme
Authorization Header
You can also access the MyPreferences API using our custom authorization scheme. This requires you to include an authorization field in the HTTP Header for all types of requests. This authorization field should contain the appropriate scheme and relevant parameters, adhering to the format specified by RFC 7235. The scheme and parameters within the Authorization Header should be separated by a space, as per the defined guidelines.
Authorization: <scheme> <parameters>
Currently there are two scheme types and one available scheme identifier for authorization. Additional schemes may be added to address any weaknesses in the authorization header by adding or removing additional parameters. The authorization scheme types allow for a keyed hash and un-keyed hash.
It is highly recommended that the keyed hash scheme be used whenever possible as it is more secure. Please note that the authorization scheme is case insensitive. An example of each of the two scheme types is shown below:
Un-keyed Hash Scheme | Keyed Hash Scheme |
SchemeIdentifier-CryptoHashIdentifier | SchemeIdentifier-HMAC-CryptoHashIdentifier |
Un-keyed Hash Scheme | Keyed Hash Scheme |
PNAUTHINFO3-SHA256 | PNAUTHINFO3-HMAC-SHA256 |
The SchemeIdentifier drives and defines the authorization process and parameters. Each available scheme identifier will be addressed in the following sections.
The CryptoHashIdentifier is the name of the hash algorithm that is used to generate the signature parameter in all of the scheme authorization parameters. The following hash functions from the SHA-2 family are currently available:
- SHA256
- SHA384
- SHA512
Available Schemes
On this page
- Custom Auth Scheme