A description of the Web API which can be used to calculate the HMAC-SHA56 signature used to verify the origin and integrity of voting links.
It is extremely important that you do not call this API from the client, thus sharing the secret with users. This API MUST ONLY be called form a server that is controlled by you, NEVER from the browser of an agent or user.
Because some platforms may be limited in their ability to support cryptographic algorithms we provide a Web API to calculate the signatures as a service. The API is intended to be called directly from the server which will protect the shared secret used to ensure integrity of the links.
POST /tools/hmac HTTP/1.1
key=abc123&data=this is my data
The response to that request will be the signature string that should be passed in the c parameter of the voting button link.