Signature v2 - Get nonce
POST {{base_url}}/v2/signature
Signature v2 - Get nonce
A nonce is a random token that is generated and stored in Withings server with 30 minutes of validity.
As a partner, you will use this nonce token in the API services that require a signature so that Withings can check that the nonce token is still valid and was never used before. The usage of a nonce token prevents your service calls from replay attacks.
Because this service is a Device Management service, Withings checks your authorised access using your client_id and your client_secret based signature.
To generate the signature please follow these steps:
- Sort the following parameters alphabetically:
-
action -
client_id -
timestamp
-
- Generate a string by concatenating values separated by a comma. The string should look like: value1,value2,value3.
- Apply a hmac hashing function on the string using the algorithm
sha256and your partnerclient_secret(available in your Withings partner dashboard) as a secret key. - Add the hash string in the parameters under the key
signature
This request's prescript builds does exactly that, then set the environment variables for the request to use them.
Look at our API reference for more information
Request Body
[{"name"=>"action", "value"=>"getnonce", "datatype"=>"string"}, {"name"=>"client_id", "value"=>"{{client_id}}", "datatype"=>"string"}, {"name"=>"timestamp", "value"=>"{{timestamp}}", "datatype"=>"string"}, {"name"=>"signature", "value"=>"{{signature}}", "datatype"=>"string"}]