Note! Parameters and model values with multitype values are not shown in "Example Value" view.
Use the "Model View" instead.
Authentication system explained:
For authentication to succeed, the client have to send 2 HTTP headers:
HTTP Request example
GET /api/v1/borrowers/12 HTTP/1.1 Host: api.yourkohadomain.fi X-Koha-Date: Mon, 26 Mar 2007 19:37:58 +0000 Authorization: Koha admin69:frJIUN8DYpKDtOLCwo//yllqDzg=
Constructing the Authorization header
The signature is a HMAC-SHA256-HEX hash of several elements of the request, separated by spaces:
Signed with the Borrowers API key
The server then tries to rebuild the signature with each of the user's API keys. If one matches the received signature, then authentication is almost OK.
To avoid requests to be replayed, the last request's X-Koha-Date-header is stored in database and the authentication succeeds only if the stored Date is lesser than the X-Koha-Date-header.
Constructing the signature example
Signature = HMAC-SHA256-HEX("HTTPS" + " " + "/api/v1/borrowers/12?howdoyoudo=voodoo" + " " + "admin69" + " " + "760818212" + " " + "frJIUN8DYpKDtOLCwo//yllqDzg=" );