Have a Question?

If you have a question, start typing or search for it below.

Sample Content API integration in PHP

<?php
    class Camayak_Request {

        // How many seconds the signed request can differ from
        // the current epoch seconds - the shorter the drift,
        // the less time the signed request has to be test.
        public $signed_url_drift = 5;

        // Your Camayak API key.
        private $api_key = 'CAMAYAK_API_KEY';

        // Your Camayak shared secret.
        private $shared_secret = 'CAMAYAK_SHARED_SECRET';

        private function get_header_signature() {
            $key = 'Camayak-Signature';
            foreach (getallheaders() as $name => $value) {
                if($name == $key) {
                    return $value;
                }
            }
            return NULL;
        }

        private function calculate_signature($epoch) {
            return hash_hmac('sha1', $epoch . $this->api_key, $this->shared_secret);
        }

        public function verify() {
            // Verify that the incoming request is from Camayak.
            $camayak_signature = $this->get_header_signature();
            if(is_null($camayak_signature)) {
                return true;
            }

            // Work out the drift permutations.
            $time = time();
            $epochs = array($time);
            foreach(range(1, $this->signed_url_drift) as $sec) {
                $epochs[] = $time + $sec;
                $epochs[] = $time - $sec;
            }

            foreach($epochs as $epoch) {
                $signature = $this->calculate_signature($epoch);
                if($signature == $camayak_signature) {
                    return true;
                }
            }
            return false;
        }

        public function fetch($resource_uri) {
            // Follow the `resource_uri` and return its contents.
            $params = array('api_key' => $this->api_key);
            if(isset($this->shared_secret)) {
                $params['api_sig'] = $this->calculate_signature(time());
            }
            $query_string = http_build_query($params);
            $json = file_get_contents($resource_uri . '?' . $query_string);
            return json_decode($json);
        }
    }

    // We only want to accept POSTs.
    if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST') {
        // Let's decode the event data.
        $body = file_get_contents('php://input');
        $event = json_decode($body);

        // Determine if we've received a 'ping' request.
        if($event->event === 'validate') {
            header('Content-Type: text/plain');
            die('pong');
        }

        // Initialize a new Camayak_Request object.
        $request = new Camayak_Request();
        if($request->verify() === false) {
            header("HTTP/1.1 401 Unauthorized");
            exit;
        }
        // We've established the request was from Camayak, woohoo!

        // Fetch the assignment data.
        $story = $request->fetch($event->resource_uri);

        // TODO: Save the story here!

        header("Content-Type: application/json");
        echo json_encode(array('published_id' => '123', 'published_url' => 'http://www.mysite.com/new-story', 'published_at' => '2014-06-05T16:45:10.000000Z'));
    }
?>