How to use HMAC key to authenticate on web app


Step by Step

Getting the secret key

Login to business admin to obtain the key.

Generate HMAC hash

Use the secret key to create a HMAC digest (hash based message authentication code) from the email address for that user.

Example in PHP

hmac_expiry_date (optional)
hmac_expiry_date is the datetime in Business Timezone (check business timezone setting. It is usually in local timezone) that hmac hash is expired.
hmac_expiry_date must be in format: Y-m-d H:i:s
Example: 2021-08-21 10:01:30

NOTE:

hmac_expiry_date should be html encoded properly when passing on url
Example after encoded: 2021-08-21+10%3A01%3A30
hmac_locale (optional)
hmac_locale is the user language. It must be from the allowed business language list in business setting.

Language Locale
English en
Chinese Traditional (Hong Kong) zh-HK
Chinese Traditional zh-TW
Chinese Simplified zh-CN
Spanish es
Portuguese pt-PT
Vietnamese vi
French fr
Malay (Malaysia) ms-MY
Korean ko
Indonesian id
Thai th
Arabic ar
Japanese ja
Portuguese (Brazil) pt-BR
Italian it
If using email
No expiry_date:
$hash = hash_hmac('sha256', $email, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_email={$email}&hmac_hash={$hash}
With expiry_date:
$hash = hash_hmac('sha256', $email . $expiry_date, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_email={$email}&hmac_hash={$hash}&hmac_expiry_date={$expiry_date}
If using phone
No expiry_date:
$hash = hash_hmac('sha256', $phone, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_phone={$phone}&phone_code={phone_country_iso}
With expiry_date:
$hash = hash_hmac('sha256', $phone . $expiry_date, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_phone={$phone}&phone_code={phone_country_iso}&hmac_expiry_date={$expiry_date}
If using Custom Id
No expiry_date:
$hash = hash_hmac('sha256', $customId, $secret_key);
Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_custom_id={$customId}
With expiry_date:
$hash = hash_hmac('sha256', $customId . $expiry_date, $secret_key);
For example: if $customId = 'P900', $expiry_date = '2021-08-30 14:58:08'
The value to hash should be: 'P9002021-08-30 14:58:08'

Use this url to direct login on web app:
https://{your-business.eber.co}/login/hmac?hmac_hash={$hash}&hmac_custom_id={$customId}&hmac_expiry_date={$expiry_date}