MD5 hash for authentication

27/03/2009

Printer authentication during web-to-print API calls is controlled by ApiKey parameter which is unique and is not supposed to be shared. User access via API and control of user accounts requires an MD5 hash of the caller’s IP and the user’s password as one of parameters. This post explains how the hash should be calculated.

Hash parameter

Encoding: a hexadecimal string, 32 characters long.

Parameter name: Hash

Http Get example: Hash=855c578152d2436dde27cbfe414c5cf3

Http Post example: <input type=”hidden” value=”855c578152d2436dde27cbfe414c5cf3″ name=”Hash”>

This parameter should be present whenever your server makes a direct API call to ZetaPrints web-to-print system and UserID parameters is present for an existing user. Also, this parameter must be present on referring a registered user to ZetaPrints to ensure automatic logon.

Hash calculation

Hash := MD5(Password + IP), where IP is the ip v.4  address of the caller and Password is the user password as it is in ZetaPrints web-to-print database.  IP and Password should be in UTF-8 and the resulting sequence of bytes hashed using a default implementation of MD5.

It is important that both IP and Password are in UTF-8 encoding and are case sensitive.

Hash testing

Different platforms may have subtle variations affecting the hash value.  You can use a test call to our web-to-print software to test your hash calculation.

Call parameters

Http Post action:  http://[your domain]/API.aspx?page=api-user-hash;ApiKey=[your API key]

<input type=”hidden” name=”Password” value=”[user password]”>

ZetaPrints web-to-print system returns a hash for the supplied password and the callers IP. In the ideal world it should match the hash value you calculated. Contact support@zetaprints.com if you cannot calculate hashes correctly.

See also: