Developers API User Authentication
To use the WizeHive API and authenticate users, you first need an API key.
With the API key, you'll also receive a shared secret that is used to sign requests.
Almost all of the WizeHive API methods require a signature.
Signing Requests
To generate a signature, sort your arguments alphabetically by key name, concatenate each key with its value, prepend your shared secret, and take the MD5 hash of the resulting string.
For example, if your shared secret is 000005fab4534d05 and the parameters you are passing are:
dog=foo cat=bar elephant=baz
To sign this request, you would:
- Sort your parameters by key name and append them together:
dog=foo cat=bar elephant=baz
becomes: catbardogfooelephantbaz
- Prepend your shared secret:
000005fab4534d05catbardogfooelephantbaz
- Calculate the MD5 hash of the above string:
ee30254b3ac602bfbfe716d33dc1735c
We now use this as our api_sig parameter.
Authenticating Users
To authenticate users for your application, construct an authentication URL such as:
http://www.wizehive.com/services/auth/?api_key=123&perms=delete&api_sig=ee30254b3ac602bfbfe716d33dc1735c
Valid perms are:
- read — gives the ability to read task, workspace, activity and people details and contents.
- write — gives the ability to read, add and modify tasks, workspaces, notes and people details and contents.
- delete — gives the ability to read, add, modify, and delete tasks, workspaces, notes and people details and contents.
The api_sig parameter is calculated by following the signing instructions above.
When your application user is directed to this URL, WizeHive will require them to log in with their username and password and ask if they want to authorize your application to access their account.
If the user agrees, they are redirected to your callback URL with a frob parameter, something like this:
http://www.example.com/wizehive.php?frob=1bc29b36f623ba82aaf6724fd3b16718
Your application will now need to make a call to wizehive.auth.getToken, passing this frob parameter, and you will get back an <auth> element with a token:
<auth>
  <token>022ae2856657803a9d38be53c9208329</token>
  <perms>read</perms>
  <user id="682" username="mcarlson" fullname="Mark Carlson"/>
</auth>
You will use this token parameter for all further authenticated API calls.
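The signing steps and the authentication flow described above, as an added Python example (not WizeHive's own code). The function names are illustrative. It assumes the string is UTF-8 encoded before hashing, and it signs only api_key and frob for the token exchange, because the page does not state the encoding or how the method name is passed.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

AUTH_URL = "http://www.wizehive.com/services/auth/"  # endpoint shown on the page
VALID_PERMS = ("read", "write", "delete")

def sign_base(secret, params):
    """Shared secret, then each key immediately followed by its value, sorted by key."""
    return secret + "".join(k + str(params[k]) for k in sorted(params))

def api_sig(secret, params):
    """MD5 hex digest of the sign base. UTF-8 encoding is an assumption."""
    if "api_sig" in params:
        raise ValueError("compute the signature before adding api_sig")
    return hashlib.md5(sign_base(secret, params).encode("utf-8")).hexdigest()

def signed(secret, params):
    """Return a copy of params with api_sig added."""
    return {**params, "api_sig": api_sig(secret, params)}

def auth_url(api_key, secret, perms):
    """Authentication URL the user is sent to."""
    if perms not in VALID_PERMS:
        raise ValueError("perms must be one of %s" % (VALID_PERMS,))
    query = urlencode(signed(secret, {"api_key": api_key, "perms": perms}))
    return AUTH_URL + "?" + query

def parse_auth(xml_text):
    """Extract token, perms and user from the <auth> element returned by getToken."""
    auth = ET.fromstring(xml_text)
    user = auth.find("user")
    if auth.tag != "auth" or auth.findtext("token") is None or user is None:
        raise ValueError("unexpected getToken response")
    return {"token": auth.findtext("token"), "perms": auth.findtext("perms"),
            "user_id": user.get("id"), "username": user.get("username")}

if __name__ == "__main__":
    secret = "000005fab4534d05"  # example secret from the page
    print(sign_base(secret, {"dog": "foo", "cat": "bar", "elephant": "baz"}))
    print(auth_url("123", secret, "delete"))
    # Signed parameters for the token exchange; frob is the example value from the page.
    print(signed(secret, {"api_key": "123", "frob": "1bc29b36f623ba82aaf6724fd3b16718"}))
```

The signature does not depend on the order in which parameters are supplied, only on their key names and values, so the same dictionary can be built in any order before signing.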