Authentication

Authentication

While all HTTP GET and HTTP POST requests are accepted without authentication, an active account in the Allele Registry is required for sending all HTTP PUT requests. Three special parameters must be added to every request that needs an authentication:

  1. gbLogin – user login
  2. gbTime – current time saved as integer number of seconds since the Epoch
  3. gbToken – special token calculated from original request URL, gbLogin, gbTime and user password

The parameter gbToken is calculated in the following way:

SHA1_hex(url + SHA1_hex(gbLogin + password) + gbTime)

where url is the original request (without gbLogin, gbTime and gbToken, if there is no parameters it must have question mark at the end), operator + denotes simple string concatenation and SHA1hex(…) denotes hexadecimal representation of SHA1 calculated on given ASCII string.

In the section Sending HTTP requests there are sample code snippets which may be used for preparing a request with authentication.