Communities: HMAC-SHA1 Authentication Model

What is HMAC-SHA1?

HMAC stands for hash-based message authentication code. This authentication is a product of a hash function applied to the body of a message along with a secret key. So rather than sending the authentication data via a Web service request, you send some identifier for the private key and an HMAC. When the server receives the request, it looks up the user's private key and uses it to create an HMAC for the incoming request. If the HMAC submitted with the request matches the one calculated by the server, then the request is authenticated.

How to set-up HMAC-SHA1 for my community?

The security identifiers/tokens will be sent to QuestionPro via the Community URL parameters. HMAC-SHA1 authentication can be set up for your Community from Community>> Log-in Authentication While setting up the authentication, you will have to enter: 1. Key: A 36 character key that is used for hashing the time in seconds. This Key should be 8 characters long. 2. Timestamp: The time window for which the survey URL will be valid. The value entered here is in minutes. Refer below screenshot to know where to make changes:

Survey Software Help Image

You may also be interested in...