Legacy authentication

The original version of Incandescent used a more complicated authentication variable than the current one. This will always be supported – original documentation on this is below.

This authentication method is now deprecated. For backwards compatibility, it will not be sunset, and will continue functioning indefinitely.

IncandescentAPI uses a signed authentication process to verify that it’s you making the request. All requests must include three variables to authenticate the request:
uid: Your user ID
expires: a Unix timestamp (in seconds) indicating how long the request is valid. Expires should be a time no more than twenty minutes ahead of now.
signature: an HMAC-SHA1 hash of your uid, the expires parameter, and your API Key. The secure hash must be base64 encoded then URL-encoded before IncandescentAPI accepts the signature as valid.

In PHP, we generate these variables with the following code:

// UID - this is unique to you
$uid = 1;
// API Key - this is unique to you
$apikey = "";
// Expires - when the signature will become invalid (UNIX timestamp) - may be no more than 1200 seconds from now.
$expires = time()+300;
// Generate Signature
$stringToSign = $uid."\n".$expires; 
$binarySignature = hash_hmac('sha1', $stringToSign, $apikey, true);
$signature =urlencode(base64_encode($binarySignature));

$data = array("uid"=>$uid,"expires"=>$expires,"signature"=>$signature);