A description of the Web API which can be used to calculate the HMAC-SHA56 signature used to verify the origin and integrity of voting links.
It is extremely important that you do not call this API from the client, thus sharing the secret with users. This API MUST ONLY be called form a server that is controlled by you, NEVER from the browser of an agent or user.
Because some platforms may be limited in their ability to support cryptographic algorithms we provide a Web API to calculate the signatures as a service. The API is intended to be called directly from the server which will protect the shared secret used to ensure integrity of the links.
The API is made available at the url https://api.happysignals.com/tools/hmac to call the API make a POST request with two parameters key and data, where key refers to the shared secret or origin word set-up between HappySignals and you, and data is the string that you wish to sign.
An example request:
POST /tools/hmac HTTP/1.1
key=abc123&data=this is my data
The response to that request will be the signature string that should be passed in the c parameter of the voting button link.