Authentication

When Do I Need Authentication?

You only need authentication for Bringg API Calls.

You do not need authentication for Bringg Services, Bringg Webhooks, and Bringg SDKs.

What is Authentication?

Authentication is the how you secure your Bringg API Calls to prove you are you and not someone else. In other words, authentication is like a user name and password.

📘

SSL (Secure Sockets Layer)

Bringg requires SSL to secure all connections between you and the Bringg server.

How Does Bringg API Call Authentication Work?

Bringg supports a simple private-public key authentication scheme. You get two keys from Bringg when you Join as a Developer. You get a public key (your access_token) and a private key (your secret_key). Only you and Bringg know the keys.

Your private key (your secret_key) is used to encrypt your public key (your access_token) along with the current time and your other Bringg API Call parameters. This is called Signing a Bringg API Request and the encrypted value is called your signature. The encrypted signature is sent to the Bringg server.

The Bringg server uses your private key to decrypt the information and verify the Bringg API Call came from you and not someone else - no data is sent unencrypted.

📘

Hmac-SHA1 Encryption

Bringg uses the Hmac-SHA1 encryption method. Hmac is a key-hashed message authorization code. SHA1 is Secure Hash Algorithm 1. Hashing your data with your private-key (secret-key) scrambles the data. Hmac-SHA1 is a very strong encryption and sending your information to the Bringg server is highly secure.

For more information about HmacSHA1 encryption, see HmacSHA1.