Authentication

All methods in the SwiftApi stack require a parameter called authString. The authString parameter is used to ensure that the API calls you are making are in fact coming from you and not someone else, i.e. an attacker.

The format for the authString is calculated as follows (this is a java example):

String authString = sha256(username + methodName + password + salt);

Where "sha256" is a function that calculates the sha256 sum of the given string.

So for the "kick" method, if your username is "myusername", your password is "UltraTopSecretPassword!!!" and your salt is "d131dd02c5e6eec4" then the hash would be

String authString = sha256("myusernamekickUltraTopSecretPassword!!!d131dd02c5e6eec4");

Simple!

Here is an example of a sha256 function in Java:

public String sha256(String toBeHashed) {
	MessageDigest md = null;

	try {
		md = MessageDigest.getInstance("SHA-256");
	} catch (NoSuchAlgorithmException algex) {
		System.out.println(algex.getMessage());
	}
	
	md.update(myAuthString.getBytes());
	String hash = byteToString(md.digest());
		
	return hash;
}

public String byteToString(byte[] bytesToConvert) {
	String result = "";
	for (int i = 0; i < bytesToConvert.length; i++) {
		result += String.format("%02x", bytesToConvert[i]);
	}
	return result;
}

There are examples all over the internet for SHA256 implementation in different languages, so get hunting if you can't figure it out!

Comments

To post a comment, please login or register a new account.

SwiftApi

Bukkit Plugins

Pages

Table of Contents