Authentication
Last updated
Vagon Streams
Last updated
Before starting API integration for your Streams, your application must be uploaded, and the Stream for the application must be created from the Vagon Dashboard.
API Public Key: you can get it from Vagon Dashboard for each Streams.
API Secret: you can get it from Vagon Dashboard for each Streams.
Application ID: you can get it from Vagon Dashboard for each Streams. Stated as _Application_ID_ in the document.
Region: Region coverage can be set from Vagon Dashboard for each Streams.
The client must be authenticated by using API Public and Secret keys with HMAC authentication, by using the SHA256 algorithm.
Every API call requires to be authenticated via the Authorization header.
Header format
Authorization: HMAC {key}:{signature}:{nonce}:{timestamp}
Signature payload is calculated as
payload = "{api key}{request method}{request path}{timestamp}{nonce}{request body}"
request path shouldn't include the base API endpoint. For example if you sending a GET request to https://api.vagon.io/app-stream-management/v2/applications the request path should be /app-stream-management/v2/applications
Request body should be an empty string for GET requests.
Signature is calculated as the
signature = HMAC(SHA256, payload, api secret)
Signature should be in HexaDecimal format
The nonce is a random string value and the timestamp is the current UTC timestamp (milliseconds).
