Whispir Forums

New Features

RSS Feed

Enhanced API Callback Authentication

  1. Enhanced API Callbacks - Authentication is now available as an HTTP Header

    Coming in the next release of Whispir we are enhancing the authentication mechanism on our API Callbacks.

    Currently we only support a query string parameter for authentication to your callback services e.g.

    1. HTTPS 1.1 POST https://yourserver.com/yourservice.aspx?auth=XXXyourSharedSecretXXX
    2. Content-Type: application/json
    3. {
    4.     "messageId":"ABC4857BCCF484575FCA",
    5.     "from":{
    6.           "name":"Fred Waters",
    7.           "mri":"Fred_Waters.528798.Sandbox@Contact.whispir.com",
    8.           "mobile":"0430984567",
    9.           "email":"imacros@test.com",
    10.           "voice":"0761881564"
    11.          },
    12.     "responseMessage":{
    13.            "channel":"SMS",
    14.            "acknowledged":"09/01/13 13:22",
    15.            "content":"Yes, I accept. Will I need to bring steel cap boots?"
    16.     }
    17. }

    While this provides a base level of protection, the query string parameters are not encrypted by SSL so therfore susceptable to being visible by potential hackers.

    As such, we have introduced a new mechanism where the Authentication can now be passed in a customer header instead e.g.

    1. HTTPS 1.1 POST https://yourserver.com/yourservice.aspx
    2. Content-Type: application/json
    3. X-Whispir-Callback-Key: XXXyourSharedSecretXXX
    4. {
    5.     "messageId":"ABC4857BCCF484575FCA",
    6.     "from":{
    7.           "name":"Fred Waters",
    8.           "mri":"Fred_Waters.528798.Sandbox@Contact.whispir.com",
    9.           "mobile":"0430984567",
    10.           "email":"imacros@test.com",
    11.           "voice":"0761881564"
    12.          },
    13.     "responseMessage":{
    14.            "channel":"SMS",
    15.            "acknowledged":"09/01/13 13:22",
    16.            "content":"Yes, I accept. Will I need to bring steel cap boots?"
    17.     }
    18. }

    This selection can be made using the 'Register an API Callback' screen within the Whispir Administration menu.

    Enhanced API Callbacks 1

    Enhanced API Callbacks 2

    NOTE: Existing customers will be defaulted to using 'Query String' authentication. If you don't have anything entered into the Authorization Key field, you do not need to be worried by this change. If you are using Authorization, it is recommended that you switch to the more secure HTTP Header approach,.

    For more information about API Callbacks, or to talk about features of the Whispir API, please contact apisupport@whispir.com.

    Jordan Walsh

    Whispir API Product Manager

    Message edited by Jordan Walsh 5 years ago

[ Page 1 of 1 ]