Netvibes $model.subName User's Guide download pdf (Page 88)

Netvibes Documentation

The public and private keys for the dashboard, which are used in the url, can be generated in the

Single Sign On section of the NPD Manager.

An example of the url that should be called in the iframe (please note that all keys are samples and

will not work for demo purposes):

http://www.netvibes.com/partner/[name of public

page].php?api_key=af8adac8807092b1e1e21662dda56142f3aa5b99&timestamp=12754961

57&user_email [email protected]&sign=a8e50e34bd60206ac8a06b60b05bdc1f8a7609f6

The url is constructed using the following parameters:

api_key

Public key provided by Netvibes.

e.g. af8adac8807092b1e1e21662dda56142f3aa5b99

Timestamp

A UNIX timestamp of 10 digits reflecting the current UTC time e.g. generated with time() method in

PHP

e.g. 1275496157

user_email

The email address identifying the user to be logged into Netvibes

private_key

The private key provided by Netvibes. This is not used in the final url but is used to construct the

sign value.

e.g. 3Ebac988343201cf3c7336684a3656ff3c2cd3d4

sign

The sign value is a SHA1 hash function of all strings and values alphabetically sorted plus the

private key.

I.e. in PHP:

sha1(api_key[api_key_value]timestamp[timestamp_value]user_email[user_email

_value][private_key])

Using the sample data in the example, the following would be used in PHP:

sha1(api_keyaf8adac8807092b1e1e21662dda56142f3aa5b99timestamp1275496157user_e

With a resulting value of:

a8e50e34bd60206ac8a06b60b05bdc1f8a7609f6

It is very important that the construction of the sign value is done on the server side so as not to

expose the private key or message used in the hash.

1 2 ... 83 84 85 86 87 88 89 90 91 92 93 ... 123 124

No comments

Netvibes $model.subName User's Guide Page 88