If you plan to publish your app in our marketplace for other Nexudus customers to use, you will need a combination of an App Key and an App secret to authenticate your requests.
To make a request to the API you will need to issue a HTTP request using the appropriate VERB and always including a Basic Authentication header.
Request Headers:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
To calculate this token you need to use the application Id and application secret that you can find in each of the applications you have created in your account.
Each application running on Nexudus has a key and a secret. It is very important that you never share your application secret, doing so will mean that someone could access all the accounts which installed your application on your behalf.
Important
Never share your secret key!
Registering an Application
Before you can start developing your app, you will need to register an Application in your Nexudus account. This will let you test the installation process within your account. Once your Application is published, any Nexudus customer will be able to install it in their account.
Heads up!
Managing Applications can only be done using the REST API.
Before you can start developing your app, you will need to register an Application in your Nexudus account. This will let you test the installation process within your account. Once your Application is published, any Nexudus customer will be able to install it in their account.
Create Application
You can use the standard REST API endpoint to "Add Application".
You will also need to get the list of roles available so you can connect your app with the right permissions. List of Roles
Get Applications Secrets
GET https://spaces.nexudus.com/api/apps/applications/my
Content-Type: application/json
Authentication: Basic ZXhhbXBsZUBuZXh1ZHVzLmNvbTpFeGFtcGxlMTIzNA==
[
{
"Name": "ExcelMatic",
"ApplicationKey": "f36292c02d9c438d98d8c9eb34897c90",
"SecretKey": "b5d83da7a....7febc62d8dc"
},
{
"Name": "Ezeep",
"ApplicationKey": "27b6a3ce6d26431991847af19e63a3cb",
"SecretKey": "6d7c2c75a641....eea21a81"
},
{
"Name": "Example",
"ApplicationKey": "d4176f7334ea4c5a835ba7ca48729203",
"SecretKey": "3c2a5a7849c....4c8e6ad9"
}
]
Creating an Authentication Token
To create the authentication token you will need to combine the information you know about your application, such as its key and secret, with a piece of information we provide to you when an user installs your application in their account.
When creating an application, we will ask you for an URL. This address is where we will send that piece of information, and usually, where your application will be hosted.
In the example above, when users install your app, we will ask them if they are happy to install your app, and if so, we will redirect them to "http://myapp.com/Install" and provide you with the bit of data you need to create the authentication token.
If the user accepts to install your application, then we will make a request to the "Install Url" with the following parameters:
GET http://yourserver.com/install?
a=d420667525e0489d91068cbf732fe1dc&
t=c90e30fca71a4c37810a292b99d4d4f2&
d=634963729314011098&
h=785a10afef749b1c26cc3c5eb3989082&
b=subdomain&
[email protected]
Parameter | Description |
---|---|
a | Your application unique key. |
t | A token you will need to generate the authentication token. |
d | A number representing the current time. |
h | The MD5 hash of t |
b | The Nexudus Platform unqiue subdomain for the account installing your application. |
e | The email of the user installing your application. |
When receiving this request, your application should check that the request is legitimate. You do this by recalculating the hash yourself and then checking that it matches the h paremeter your received from our servers.
//Calculate hash
var param = new[] {token, app, date};
param = param.OrderBy(x => x).ToArray();
var calculatedHash = (string.Join("|", param) + secret).MD5();
//Check if the request is valid
var valid = (calculatedHash == hash);
Once you know the request is coming from Nexudus Spaces, you can create the authentication token. This token will allow you to make requests to the API. To create the token concatenate the token your received (t) and the secret, then MD5 hash that string.
var authToken = (token + secret).MD5();
Now that we have the authentication token we can make requests to the API. For each request, you will need to make sure that you add an authentication header.
var uri = "https://spaces.nexudus.com/api/businesses"
var client = new HttpClient(uri);
client.DefaultHeaders.Authorization = Credential.CreateBasic(username, password);
If you need to manually create the value header, it's calculated by Base64 encoding the string username:password. The username is the application key (not the secret!) and the password is the token you created following the steps above.