The original version of Incandescent used a more complicated authentication variable than the current one. This will always be supported – original documentation on this is below.
This authentication method is now deprecated. For backwards compatibility, it will not be sunset, and will continue functioning indefinitely.
IncandescentAPI uses a signed authentication process to verify that it’s you making the request. All requests must include three variables to authenticate the request:
uid: Your user ID
expires: a Unix timestamp (in seconds) indicating how long the request is valid. Expires should be a time no more than twenty minutes ahead of now.
signature: an HMAC-SHA1 hash of your uid, the expires parameter, and your API Key. The secure hash must be base64 encoded then URL-encoded before IncandescentAPI accepts the signature as valid.
In PHP, we generate these variables with the following code:
<?php // UID - this is unique to you $uid = 1; // API Key - this is unique to you $apikey = ""; // Expires - when the signature will become invalid (UNIX timestamp) - may be no more than 1200 seconds from now. $expires = time()+300; // Generate Signature $stringToSign = $uid."\n".$expires; $binarySignature = hash_hmac('sha1', $stringToSign, $apikey, true); $signature =urlencode(base64_encode($binarySignature)); $data = array("uid"=>$uid,"expires"=>$expires,"signature"=>$signature); ?>