SDK authentication
To ensure messages come from legitimate users of your app, implement the following pattern: your backend computes a verification token; the mobile app passes it (with the nonce) into the Instaply SDK.
Server-side digest
Your application backend should provide a verification token computed as SHA1 over the concatenation of:
- A private key Instaply gave you
- A random nonce (salt) generated on your servers
- The customer ID (for example email or phone you use as the Instaply customer identifier)
Concatenate the three without separators:
```
SHA1( privateKey + nonce + customerId )
```
Example
- Private key: YOUR_PRIVATE_KEY
- Nonce: RANDOM_NONCE
- Customer ID: herve@example.com
```
SHA1("YOUR_PRIVATE_KEY" + "RANDOM_NONCE" + "herve@example.com")
```
which is the same as:
```
SHA1("YOUR_PRIVATE_KEYRANDOM_NONCEherve@example.com")
```
Example digest (for those exact inputs): f32b6e7dd372275c80c71fc55786b5a26d54576c
Instaply can provide sample implementations in other languages on request.
Python example
```python
from hashlib import sha1

# privateKey + nonce + customerId, concatenated without separators
hasher = sha1()
hasher.update(b"YOUR_PRIVATE_KEYRANDOM_NONCEherve@example.com")
# Hex digest that the app passes to the SDK as the verification token
verification_token = hasher.hexdigest()
print(verification_token)
```
Configure INSInstaplyAccountManager with the nonce and verification token from your backend:
```objc
[[INSInstaplyAccountManager sharedManager] configureWithAPIKey:apiKey
                                                        userID:userId
                                                          type:INSUserIdTypeEmail
                                                   randomNonce:nonce
                                             verificationToken:verificationToken];
```
Android
```java
Authentication authentication = new Authentication(
    apiKey, nonce, digest, customerId, businessId, null);
instaplySharedAPI.authenticate(authentication, callback);
```
With this flow Instaply can trust that your server bound the customerId to the private key (the key never ships in the app).
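The backend side of this flow, as an added example that is not Instaply's code: it issues a fresh nonce per request, computes the digest as specified in "Server-side digest", and returns only the nonce and token to the app. The function names, the returned field names and the 16-byte nonce length are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE_BYTES = 16  # assumption: 16 random bytes, hex-encoded to a fixed 32 characters


def compute_token(private_key: str, nonce: str, customer_id: str) -> str:
    """SHA1(privateKey + nonce + customerId), no separators, as a hex digest."""
    material = (private_key + nonce + customer_id).encode("utf-8")
    return hashlib.sha1(material).hexdigest()


def issue_credentials(private_key: str, customer_id: str) -> dict:
    """Build the values the backend hands to the mobile app (hypothetical field names).

    customer_id must come from the caller's authenticated server-side session,
    never from a request parameter the app can choose freely.
    """
    if not customer_id:
        raise ValueError("customer_id is required")
    # Fresh CSPRNG nonce per call. A fixed length keeps the nonce/customerId
    # boundary unambiguous even though the scheme concatenates without separators.
    nonce = secrets.token_hex(NONCE_BYTES)
    return {
        "customerId": customer_id,
        "nonce": nonce,
        "verificationToken": compute_token(private_key, nonce, customer_id),
    }


def token_matches(private_key: str, nonce: str, customer_id: str, presented: str) -> bool:
    """Recompute the digest and compare in constant time (for backend self-tests)."""
    if len(nonce) != 2 * NONCE_BYTES:
        return False  # reject nonces that are not the fixed length we issue
    expected = compute_token(private_key, nonce, customer_id)
    return hmac.compare_digest(expected.encode(), presented.lower().encode())


if __name__ == "__main__":
    # Constructed sample values; load the real private key from a secret store.
    creds = issue_credentials("YOUR_PRIVATE_KEY", "herve@example.com")
    print(creds)
```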
Test keys
For development, Instaply may issue API tokens where nonce and digest are not required. That mode is for testing only — do not use in production.
See also Credentials.