Manage Users Via API

Create, modify, or remove users via Legito API

You can use Legito API to create, modify or deleted users registered under your workspace. You can also use API to manage their permissions.

Authentification

For successful authentification, you first need to generate an API key and a private key in Settings -> Basic settings & design -> API.

  • All requset data must be transformed to concatenated string and signed with hash algorytm sha256 with private key.

  • In all requests must be header X-HTTP-AUTH-TOKEN, whitch contains base64 encoded string in form of {API_key}:{hash}.

Hash string creation

All parameters from URL path, all query parameters and all request data values must be concatented to one string separated by ‘|’ character. It depends on order of values. If some of data value is not of scaral type concatenate values of child data recursively. If some data is boolean, string value is uppercase (TRUE, FALSE).

For example this data structure

  {
    "a": "value"
    "b": "other"
    "c": [
      {
        "d": "some"
      },
      {
        "d": "value",
        "e": true,
        "g": false
      }
    ]
    "f": "this"
  }

is transformed to string

value|other|some|value|TRUE|FALSE|this

For better understanding example of authenticator in PHP

class Authenticator
{
    /**
     * Signs request with sha256 hash
     * @param array $requestData
     * @param string $privateKey
     * @return string
     */
    public static function signRequest(array $requestData, string $privateKey): string
    {
        return hash_hmac('sha256', self::stringify($requestData), $privateKey);
    }
    /**
     * Creates authentification token in {apiKey}:{hash} format
     * @param array $requestData
     * @param string $privateKey
     * @return string
     */
    public static function createAuthToken(string $apiKey, string $authHash): string
    {
        return base64_encode($apiKey . ':' . $authHash);
    }
    /**
     * Stringlifies input data for hash calculation
     * @param $data
     * @return string
     */
    protected static function stringify($data): string
    {
        $string = '';
        if (is_array($data)) {
            foreach ($data as $value) {
                $string .= '|' . self::stringify($value);
            }
        } elseif(is_bool($data)) {
            $string .= '|' . ($data ? 'TRUE' : 'FALSE');
        } else {
            $string .= '|' . (string) $data;
        }
        return ltrim($string, '|');
    }
}