Authentication

Authentication is needed if you want to be able to do an API write operation, like edit a user's profile information or upload an item (pin) for example.

API Endpoint

https://www.historypin.org/en/api/

API Pair and Token

The API Pair is a combination of user's API key and user's API shared secret. Currently this is the only way to authenticate through the API programatically.

API Key

The API key is a 64 character string randomly generated for user's account.

Example

API_KEY = 'e519f7e8481e2002f9874cf10ac19bfca533704746d02b98ee9f9f6baa3231d8'

API Shared Secret

The API shared secret is a 32 character string randomly generated for user's account.

Example

API_SECRET = '4a37d542252bd03300a8e79131f9624c'

NOTE: This string MUST be kept secret at all times otherwise it will compromise user's security. It must be used ONLY when generating the API Token

Get your API keys

API Keys can be taken from user's profile edit view in the section "API Settings" at the bottom of the page.

If the fields are empty, the API pair can be generated by clicking "Generate API Pair"

API Token

The API Token is a hash that validates the user sending the request.

It is generated by concatenating all request path and request data in specific way. First all key and values are concatenated into a pair with =. then all pairs are ordered alphabetically and concatenated with &.

Example

Request Data, Path:

Request data consists of data send through query string and post data .

api_path = 'user/get_edit.json'

data = {
    'id'              : 19,
    'example_variable': 123,
    'api_key'         : 'e519f7e8481e2002f9874cf10ac19bfca533704746d02b98ee9f9f6baa3231d8',
}

Concatenate key and value. Order alphabetically

data = [
    'api_key=e519f7e8481e2002f9874cf10ac19bfca533704746d02b98ee9f9f6baa3231d8',
    'api_path=user/get_edit.json',
    'example_variable=123',
    'id=19',
]

Concatenate pairs

BODY = 'api_key=e519f7e8481e2002f9874cf10ac19bfca533704746d02b98ee9f9f6baa3231d8&api_path=user/get_edit.json&example_variable=123&id=19'

Generate Token

For the token generation we use HMAC with SHA256 as digest module and the shared secret is our crypto key. After that the API Token is send with the request variables as get argument.

api_token = hmac.new(API_SECRET), BODY, hashlib.sha256).hexdigest()
api_token = '0083a327ee8f63e9f57829dc58214bd63a078c7fcd69f369d54e4fd28a7df7d3' # Example Token

Code Example

import hmac, hashlib
from collections import OrderedDict

API_SECRET = '4a37d542252bd03300a8e79131f9624c'

data = {
    'id'              : 19,
    'example_variable': 123,
    'api_key'         : 'e519f7e8481e2002f9874cf10ac19bfca533704746d02b98ee9f9f6baa3231d8',
    'api_path'        : 'user/get_edit.json',
}

BODY = '&'.join(['{}={}'.format(k, v) for k, v in OrderedDict(sorted(data.items() + postdata.items())).items()])

api_token = hmac.new(API_SECRET, BODY, hashlib.sha256).hexdigest()

Sending Requests

...

...

...

TBD

...

...

...