How to use the REST API
The Kiosk Browser Remote API is available for all subscribers. It is designed to allow programmatic access to devices and other relevant information within your account.
A list of all available endpoints can be found here.
Security
The API implements HMAC authentication which uses an API Key and Secret Key (secret key is only known to our server and you). The secret key should NEVER be shared or sent in any HTTP Request. HMAC authentication works by hashing a request message via HMAC256 with the secret key. The server identifies the request using the API key and then using the same secret key attempts to build the request message based on the same parameters. It creates it's own hash and compares that with the request hash, if they match the request is allowed.
Creating the request message
The message is made up of the following in the exact order below:
Request type (GET, POST)
UTC Date & Time in the following format yyyy-MM-dd HH:mm:ss (YEAR-MONTH-DAY HOUR:MINUTES:SECONDS)
URI e.g. /api/device/1
e.g. GET2015-08-18 13:51:36/api/device/1
e.g. GET2015-08-18 13:51:36/api/push/1/5
Headers
These two headers must be included in your request, the time stamp must be UTC in the specified format.
Authentication = APIKEY:MESSAGEHASH
Timestamp = yyyy-MM-dd HH:mm:ss
Samples
We currently provide samples for C# .NET, PHP and Node.js but the API can be consumed from any platform.
If you are specifically looking how to hash the message using HMAC SHA256 in your preferred language then there are some great samples here.
Where do I find my API Key & Secret Key?
You can find this within My Account > Click Show My API Key button.
A list of all available endpoints can be found here.
Security
The API implements HMAC authentication which uses an API Key and Secret Key (secret key is only known to our server and you). The secret key should NEVER be shared or sent in any HTTP Request. HMAC authentication works by hashing a request message via HMAC256 with the secret key. The server identifies the request using the API key and then using the same secret key attempts to build the request message based on the same parameters. It creates it's own hash and compares that with the request hash, if they match the request is allowed.
Creating the request message
The message is made up of the following in the exact order below:
Request type (GET, POST)
UTC Date & Time in the following format yyyy-MM-dd HH:mm:ss (YEAR-MONTH-DAY HOUR:MINUTES:SECONDS)
URI e.g. /api/device/1
e.g. GET2015-08-18 13:51:36/api/device/1
e.g. GET2015-08-18 13:51:36/api/push/1/5
Headers
These two headers must be included in your request, the time stamp must be UTC in the specified format.
Authentication = APIKEY:MESSAGEHASH
Timestamp = yyyy-MM-dd HH:mm:ss
Samples
We currently provide samples for C# .NET, PHP and Node.js but the API can be consumed from any platform.
If you are specifically looking how to hash the message using HMAC SHA256 in your preferred language then there are some great samples here.
Where do I find my API Key & Secret Key?
You can find this within My Account > Click Show My API Key button.
Updated on: 19/07/2019
Thank you!