Edit this page on Github

Web Service Authentication

Once the DAISY Pipeline has been installed, it can be configured to accept only authenticated responses via the Java property org.daisy.pipeline.ws.authentication. With this property set to true, client applications must submit authenticated requests.

Upon being accepted as a Pipeline application, each client receives an authentication ID and a secret string, which they must keep secret. The process for submitting an authenticated request is as follows:

Here, we will assume the authentication ID is “myclient” and the secret is “mysecret”.

Then the client takes this URI string and generates an HMAC SHA1 hash using their secret. The hash function looks roughly like this:

hashString = createHash("http://example.org/ws/scripts?authid=myclient&time=2012-02-09T02:23:40Z&nonce=533473712461604713238933268313", "mysecret")
print hashString

Now escape the hash string so it can be passed as part of a URI: gq%2FlpIuWqEDjhWviAjyccNTzdZk%3D

Finally, append the escaped hash string to the URI. It must be the last query parameter.


This is the URI to submit to the Web Service. If myclient has a permission level to do what they want, then their request will be accepted. Currently, only admin requests require a client to have a special permission level (ADMIN instead of the default CLIENTAPP).