Authorization

Credentials

We will provide

Client ID : A unique identifier for each client.
Client Key : A secret key used to generate signatures.

danger

Your Client Key is confidential. Do not share it and ensure it is securely stored.

info

Your signature is time-sensitive and only valid for x seconds defined by the synchronization factor.

Our API Need additional 2 header for authorization:

X-Client-ID : {{ Your Client ID }}
Authorization : TOTP {{ Signature }}

TOTP Time Authorization Rules

Synchronization Factor (sfx) : You need to use your client synchronization factor which will attach to your Client ID.
Use UNIX Timestamp like (unixTs) : Unix Timestamp

TS = unixTs - (unixTs % sfx)
    
example:
    sfx = 30
    unixTs = 1706661025
    
    So your `ts` will be
    
    ts = 1706661025 - (1706661025 % 30)
    ts = 1706661025 - 25
    ts = 1706661000

For our next sample, we will use ts = 1706661000.

Generating Signature

NOBI utilizes HMAC-SHA256 hashing methodology for signature creation.

Example in go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"time"
)

func main(){
    key := "---SECRET---"
    sfx := 30
    signature := GenerateSignature(key, sfx)
    fmt.Println("Your TOTP Signature:", signature)
}

func GetTimebaseUnix(sfx int64) int64 {
	unixTs := time.Now().Unix()
	return unixTs - (unixTs % sfx)
}

func GenerateSignature(key string, sfx int64) (signature string) {
	mac := hmac.New(sha256.New, []byte(key))
	ts = GetTimebaseUnix(30)
	mac.Write([]byte(fmt.Sprintf("%d", ts)))
	sign := mac.Sum(nil)
	signature = hex.EncodeToString(sign)
	return
}

Authorization

Credentials​

TOTP Time Authorization Rules​

Generating Signature​

Credentials

TOTP Time Authorization Rules

Generating Signature