Signature v2 - Get nonce
POST {{base_url}}/v2/signature
Signature v2 - Get nonce
Aย nonceย is a random token that is generated and stored in Withings server withย 30 minutes of validity.
As a partner, you will use thisย nonceย token in the API services that require aย signatureย so that Withings can check that theย nonceย token is still valid and was never used before. The usage of aย nonceย token prevents your service calls from replay attacks.
Because this service is a Device Management service, Withings checks your authorised access using yourย client_idย and yourย client_secretย basedย signature.
To generate theย signatureย please follow these steps:
- Sort the following parameters alphabetically:
-
action -
client_id -
timestamp
-
- Generate a string by concatenating values separated by a comma. The string should look like:ย value1,value2,value3.
- Apply a hmac hashing function on the string using the algorithmย
sha256ย and your partnerยclient_secretย (available in yourย Withings partner dashboard) as a secret key. - Add the hash string in the parameters under the keyย
signature
This request's prescript builds does exactly that, then set the environment variables for the request to use them.
Look at our API reference for more information
Request Body
[{"name"=>"action", "value"=>"getnonce", "datatype"=>"string"}, {"name"=>"client_id", "value"=>"{{client_id}}", "datatype"=>"string"}, {"name"=>"timestamp", "value"=>"{{timestamp}}", "datatype"=>"string"}, {"name"=>"signature", "value"=>"{{signature}}", "datatype"=>"string"}]