How to use HMAC key to authenticate on web app
Step by Step
Getting the secret key
Login to business admin to obtain the key.
Generate HMAC hash
Use the secret key to create a HMAC digest (hash based message authentication code) from the email address for that user.
Example in PHP
hmac_expiry_date (optional)
hmac_expiry_date is the datetime in Business Timezone (check business timezone setting. It is usually in local timezone) that hmac hash is expired.
hmac_expiry_date must be in format: Y-m-d H:i:s
Example: 2021-08-21 10:01:30
NOTE:
hmac_expiry_date should be html encoded properly when passing on urlExample after encoded: 2021-08-21+10%3A01%3A30
hmac_locale (optional)
hmac_locale is the user language. It must be from the allowed business language list in business setting.
Language | Locale |
---|---|
English | en |
Chinese Traditional (Hong Kong) | zh-HK |
Chinese Traditional | zh-TW |
Chinese Simplified | zh-CN |
Spanish | es |
Portuguese | pt-PT |
Vietnamese | vi |
French | fr |
Malay (Malaysia) | ms-MY |
Korean | ko |
Indonesian | id |
Thai | th |
Arabic | ar |
Japanese | ja |
Portuguese (Brazil) | pt-BR |
Italian | it |
If using email
No expiry_date:
$hash = hash_hmac('sha256', $email, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_email={$email}&hmac_hash={$hash}
With expiry_date:
$hash = hash_hmac('sha256', $email . $expiry_date, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_email={$email}&hmac_hash={$hash}&hmac_expiry_date={$expiry_date}
If using phone
No expiry_date:
$hash = hash_hmac('sha256', $phone, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_phone={$phone}&phone_code={phone_country_iso}
With expiry_date:
$hash = hash_hmac('sha256', $phone . $expiry_date, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_phone={$phone}&phone_code={phone_country_iso}&hmac_expiry_date={$expiry_date}
If using Custom Id
No expiry_date:
$hash = hash_hmac('sha256', $customId, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_custom_id={$customId}
With expiry_date:
$hash = hash_hmac('sha256', $customId . $expiry_date, $secret_key);
For example: if $customId = 'P900', $expiry_date = '2021-08-30 14:58:08'
The value to hash should be: 'P9002021-08-30 14:58:08'
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_custom_id={$customId}&hmac_expiry_date={$expiry_date}