A description of the Web API, which can be used to calculate the HMAC-SHA256 signature, is used to verify the origin and integrity of voting links.
It is essential that you do not call this API from the client, thus sharing the secret with users. This API MUST ONLY be called from a server that you control, NEVER from an agent or user's browser.
Because some platforms may be limited in supporting cryptographic algorithms, we provide a Web API to calculate the signatures as a service. The API is intended to be called directly from the server, which will protect the shared secret used to ensure the integrity of the links.
The API is available at the URL https://api.happysignals.com/tools/hmac. To call the API, make a POST request with two parameters: key and data. The key refers to the shared secret or origin word set up between HappySignals and you, and the data is the string that you wish to sign.
An example request:
POST /tools/hmac HTTP/1.1
Host: api.happysignals.com
Content-Type: application/x-www-form-urlencoded
key=abc123&data=this is my data
The response to that request will be the signature string that should be passed in the c parameter of the voting button link.
a12a3a3d1696589a87a9672f6fae6fb5ecf884ee300f98e26993964a604b7ff7