APP keys, user tokens, shared secrets

At Signhost we use a variety of keys to ensure the secure and controlled transfer of our data. See below for an explanation of these 3 keys, which can be created in the Signhost web portal.

Any organization using the API for their own interface will have a unique APP Key issued by Signhost. A fixed component of every HTTP Request to the Signhost.com servers is a header containing the APP Key in order to identify the application used to send the request. 

The APP Key can be created in the web portal, under the 'Developer' menu.

Whenever a Signhost user wishes to use an application other than the standard Signhost web portal, first of all a user token must be generated in the portal. This key can be used to identify the user on any other application, so that the server knows whose name the invitation must be sent under.  If users need to be registered in your application, don't forget to add their user tokens! Users do need to have an account with Signhost in order to create a User token. 

The user token (API key) can be created in the web portal, under the 'Settings' menu.

Whenever a transaction is sent via the API, the option is available for your application to receive postbacks with status updates from the Signhost server. This may contain sensitive information, such as personal data from a completed verification. For this reason, only HTTPS URLs are accepted. If your application reflects the statuses of transactions, the postbacks are an absolute must.  

The Shared secret is used in the checksum validation calculation (see also the documentation on how the checksum should be calculated, and on the best way to implement the postbacks).

The shared secret can be created by adding a postback URL in the web portal under the 'Developer' menu.