REST API Authentication Strategy

This document is a guide for using Infinite Networks REST API method calls using our proprietory authentication and access control mechanism.


Making a REST API method call




  1. [namespace] is:
    • identity - for the Infinite Identity API
  2. [data-center] is:
    • dc - for the main Infinite Networks data center
  3. [api_method] is the name of the REST API method call
  4. [api_key] is your API application key obtained from your Account dashboard
  5. [ts] is the current GMT unix timestamp as an integer number of seconds since the Epoch, January 1, 1970 00:00 UTC - requests that vary more than 90 seconds from the server time will be rejected
  6. [nonce] is a Cryptographic nonce that you generate uniquely for each REST API request
  7. [signature] is a SHA256 hash signature that verifies the authenticity of your request

Signing the Request

Protecting and securing your data, and the privacy of your users data is of the utmost importance to Infinite Networks. Infinite Networks requires that every request is signed with a cryptographic signature to guarentee that the request originated from an authorized party and was not tampered with while in transit to our data-centers.

The Signing Flow

  1. Generate a timestamp and nonce to be used for the request
  2. Build the signature base string and use your Infinite Networks Secret Key to generate the signature
  3. Build the REST API method URI and submit the API method call to Infinite Networks servers
  4. Infinite Networks verifies the timestamp parameter was generated within 90 seconds of the current UTC time. If the timestamp is stale the call is rejected.
  5. Infinite Networks verifies the signature by re-creating the signature base string then performing the same calculation to generate a signature using your Secret Key and comparing the result with the signature passed as a parameter.