Home Monetize Advertise Resources

HMAC Security Hash (optional)

HMAC Security Hash

Our server will always add a custom header, X-Ayetstudios-Security-Hash, containing a SHA256 HMAC hash of the request parameters and your publisher api key. Your API key can be found in your dashboard at ayetstudios.com under settings.

To verify the hash, perform the following steps:

  1. Get all request parameters

  2. Order the request parameters alphabetically

  3. Build and compare the HMAC hash using the ordered request parameter string and your API key

PHP Example:

ksort($_REQUEST, SORT_STRING);
$sortedQueryString = http_build_query($_REQUEST, '', '&'); // "adslot_id=123&currency_amount=100&payout_usd=1.5...."
$securityHash = hash_hmac('sha256', $sortedQueryString, 'YOUR PUBLISHER API KEY');
if($_SERVER['HTTP_X_AYETSTUDIOS_SECURITY_HASH']===$securityHash) { // actually sent as X-Ayetstudios-Security-Hash but converted by apache2 in this example
    // success
}
else {
    // invalid signature
}

Example HMAC calculation

Assuming the below is the callback we sent to you: 

https://your-site.com/postback/?transaction_id=8ee08f32ae611231b0a49d1bd66e9bf193132561&amount=0.10&payout=1.50&user_id=testuser123456&click_id=1234abcd5678021

1) Get all request parameters

Strip away your domain and order the request parameters alphabetically.

In this example the parameters are already ordered alphabetically.

amount=0.10
click_id=1234abcd5678021
payout=1.50
transaction_id=8ee08f32ae611231b0a49d1bd66e9bf193132561
user_id=testuser123456

2) Order the request parameters alphabetically

This is the ordered request parameter string for the HMAC hash calculation:

amount=0.10&click_id=1234abcd5678021&payout=1.50&transaction_id=8ee08f32ae611231b0a49d1bd66e9bf193132561&user_id=testuser123456

Your API Key from the ayeT dashboard:

9f2228fea0d8e7ce10b2ac36053db14c

3) Build and compare the HMAC hash using the ordered request parameter string and your API key

Hashing the ordered request parameter string with your Secret Key (API Key) with SHA256, you will get the following HASH Key:

3191f052846df1beee6c1d42030fee7448ff8fc47a417bf714c2e0a1308fc010

Compare the HASH Key you calculated to the X-Ayetstudios-Security-Hash our server will always add as custom header for each conversion.

PreviousCallback VerificationNextTesting

Last updated