Purpose

This guide explains the process for creating temporary access keys that expire after fixed time period. Temporary access keys enable access to the Skylink API from your application, without having to reveal permanent key details such as credentials, secrets, app keys, or CORS information.


Guide
Use the Skylink  REST API to create a temporary alias keys. These keys have a fixed life of 6 hours and bypass CORS validation.


* Please note this requires the requestor to compute a hash Hmac SHA1. It is recommended that this process is done only from your application server with the result programmatically injected into the client, to maintain security. Using this process on the client side would negate any security provided by the use of this feature, because it would expose the alias key/secret pair.


1. Authenticate via the Login API and capture a valid session cookie. 

2. Using your session cookie, Create a new temporary access key by making a POST post request to /rest/apps using the following mandatory parameters.

  • alias: <alias key ID> 
    • Note: Alias keys are preferred here as opposed to APP Keys for further security.
  • timestamp: <an arbitrary date in ISO8601 format>
    • This serves as the randomisation factor to make sure the generated token is never the same

    • You can generate the timestamp using the JavaScript call (new Date()).toISOString() 
  • token: <a Hex string generated using HmacSHA1 protocol> 
    • The secret can be obtained from the Temasys Console, a secret if provided with every alias key.
    • How to generate: (example is in Node)
      1. Install CryptoJS: npm install crypto-js
      2. Import CryptoJS: var CryptoJS = require('crypto-js');
      3. Apply HmacSHA1 to the <alias+timestamp,secret> pair: 
        var token = CryptoJS.enc.Hex.stringify(CryptoJS.HmacSHA1(alias+timestamp,secret));
    • Note : We will symmetrically compute the same hash and compare on our backend, which guarantees that only the person possessing the correct secret can generate a valid token.
  • isTemporary: true