After ANDS has set up your DOI account you will be issued with a unique App Id (Application Identifier) and Shared Secret.
- App Id: 9b310b815997d2d3123456565f253b0e75e970f7
- Shared Secret: 5f4abcdeaa
Authentication with the DOI M2M service can then be carried out with either a combination of:
- your App ID and shared secret, OR
- your App ID and an IP address
The DOI service authentication process functions in the following way:
- Upon receiving a request the DOI service will check that the provided App ID is valid. If invalid the request will fail with an appropriate response.
- The service will then check to see if a Shared Secret has been provided in the request and if it matches the shared secret assigned to the provided App ID. If matched the request is authorised.
- If the Shared Secret check fails, the Service will then then check to see if the IP address of the machine making the request is registered against the provided App ID. If registered the request is authorised. If the IP address is not registered the request will fail with an appropriate response.
Shared Secrets were introduced in the DOI service as an alternate method of authenticating against the M2M service where a user's IP address was unpredictable (e.g. cloud based virtual machines). The shared secret is a unique string which is automatically assigned by the DOI service upon account creation, and is only known by ANDS DOI Administrators and the account owner.
When authenticating using a Shared Secret, the secret can be passed in one of two ways.
- The first and preferred way is to include the secret in the HTTP request header. In order to do this the Shared Secret shall be appended to the App ID separated by a colon and then base64 encoded.
- PHP example:
Authorization: Basic '.base64_encode($app_id.":".$shared_secret) ; OR
$str = base64_encode($app_id.":".$shared_secret);
Authorization: Basic '.$str
- PHP example:
- $postdata = 'xml=<xml>….</xml>&shared_secret=5f4c5485aa;