Authorisation Header

The authorisation header must be recalculated and sent on ever request. If the token calculated server side does not match the token sent, the client will receive “HTTP Error 401 Unauthorised”.

Authorisation Header:

Authorisation: Basic usergroup=””, username=””, timestamp=””, token=””

Usergroup = Backoffice credentials used to login to the backoffice website
UserName = Backoffice credentials used to login to the backoffice website
Timestamp = UTC date time in the format of “yyyyMMddHHmmssfff”(in java this would be “yyyyMMddHHmmssSSS”)
Token =Base64 value, calculation shown below

Calculating the authorisation token:


MD5 md5Hash = MD5.Create();
SHA256 sha256 = SHA256.Create();
string formattedDateTime = DateTime.UtcNow.ToString("yyyyMMddHHmmssfff");

byte[] urlInBytes = Encoding.UTF8.GetBytes("url");
byte[] timeStampInBytes = Encoding.UTF8.GetBytes(formattedDateTime);
byte[] hashedPasswordInBytes = md5Hash.ComputeHash(Encoding.UTF8.GetBytes("password"));

byte[] token = new byte[urlInBytes.Length + timeStampInBytes.Length + hashedPasswordInBytes.Length];
Buffer.BlockCopy(urlInBytes, 0, token, 0, urlInBytes.Length);
Buffer.BlockCopy(timeStampInBytes, 0, token, urlInBytes.Length, timeStampInBytes.Length);
Buffer.BlockCopy(hashedPasswordInBytes, 0, token, urlInBytes.Length + timeStampInBytes.Length, hashedPasswordInBytes.Length);

byte[] hashedTokenInBytes = sha256.ComputeHash(token);
string base64Token = Convert.ToBase64String(hashedTokenInBytes);


MessageDigest md5 = MessageDigest.getInstance("MD5");
byte[] md5Pass = md5.digest();

DateFormat dateFormat = new SimpleDateFormat("yyyyMMddHHmmssSSS");
String formattedDate = dateFormat.format(new Date()); //formatted in UTC/GMT time
byte[] urlDateBytes = (url + formattedDate).getBytes();

byte[] tokenBytes = new byte[md5Pass.length + urlDateBytes.length];
System.arraycopy(urlDateBytes, 0, tokenBytes, 0, urlDateBytes.length);
System.arraycopy(md5Pass, 0, tokenBytes, urlDateBytes.length, md5Pass.length);
MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
byte[] tokenHash = sha256.digest();

String token = Base64.encodeToString(tokenHash, Base64.NO_WRAP);