logo Go to Kayako
Start a conversation Sign in
Start a conversation
  1. Kayako Classic Support
  2. Kayako Classic - REST API (Developer Resources)
  3. Articles

Generating API Signature Using PHP

Overview

A request to the Kayako REST API is simply an HTTP request with the URL set to the path of the helpdesk app (such as Base), the controller (like User), and the parameters containing the payload of the request. 

Unlike the Kayako Staff API, the REST API does not require a staff user account to authenticate. The REST API authenticates to the helpdesk using an API key and a secret. By using the API key, your connecting application gains access to your helpdesk's data. This means that the REST API has no concept of staff, team, or department permissions.

Every request you make to the API must carry with it an API key, a randomly generated salt string, and a signature. This article focuses on providing the steps to generate the signature for API calls using PHP.

The signature is computed by hashing the salt and the secret key for every request you make to the API. The signature is a SHA256 hash of the salt with the secret key used as the hashing key.

 

 

Process

Important! Using PHP is highly recommended. If you are unsure of your code, please run the code first using a PHP emulator, like PHPTester.


To generate an API signature, follow the steps below:

  1. Navigate to Admin CP > REST API > API Information.
  2. Copy your REST API key and secret key information.
     
    mceclip0.png
     
  3. Edit the PHP code snippet template below by following these instructions:
     
    • Replace the values of the $apiKey and $secretKey variables with the REST API and secret key information you have obtained.
      Note: Make sure that you paste the key values between the quotation marks.
    • In this example, a static 10-digit number is used as the value of salt. It is less secure, but it makes the process more straightforward. You can also generate a random string for the value of salt using PHPTester. After determining your 10-digit salt, replace mt_rand() with the salt code, e.g., $salt = 1234567890;.
       
      <?php
 
   $apiKey = "apikey";
 
   $secretKey = "secretkey";
 
   // Generates a random string of ten digits
   $salt = mt_rand();
 
   // Computes the signature by hashing the salt with the secret key as the key
   $signature = hash_hmac('sha256', $salt, $secretKey, true);
 
   // base64 encode...
   $encodedSignature = base64_encode($signature);
 
   // urlencode...
   $encodedSignature = urlencode($encodedSignature);
 
   echo "Voila! A signature: " . $encodedSignature;
 
?>
       
  4. Copy the code snippet.
  5. Go to PHPTester.
  6. Paste the code on the first field.
  7. Click the Click to test your php code button to generate a signature key.
     
    mceclip1.png

 

Back to top

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments