Posting API - Access Security
Data Provider Authentication
The 1st action performed by the ShowTime Analytics API upon receipt of a posted message is Authentication. A username and password will be issued to each Dataprovider and they will be transmitted in each request via the Authorization header.
The Authorization header is constructed as follows:
- Username and password are combined into a string "username:password"
- The resulting string is then encoded using the RFC2045-MIME variant of Base64, except not limited to 76 char/line
- The authorization method and a space i.e. "Basic " is then put before the encoded string.
For example, if the user agent uses 'Aladdin' as the username and 'open sesame' as the password then the header is formed as follows:
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
IP Filtering
Messages to our API will only be permitted from the approved list of IP addresses for each data provider.
Encryption
The API is entirely HTTP-based and all data transferred using HTTPS (over SSL)