Pre-Shared Key Authentication Method

This document outlines how to access the Armor API system using the Pre-Shared Key (PSK) authentication method. This method applies to all Armor API's.

Create an API key in AMP, and then authenticate through the command line

You can use the API tokenization feature in the Armor Management Portal (AMP) to create an API key. This key will help you log into the Armor API system.

After you create a key, you can use a GET request to log into the Armor API system.

Before you begin:

If you access the Armor API system through an AMP-generated API Key, then you will not be able to access the following endpoints:

GET /users/{id}/keys
DELETE /users/{id}/keys/{key}
POST /users/{id}/keys
GET /users/{id:int}/ActivationCode
POST /users/resetpassword
POST /users/setpassword
PUT /users/{id:int}
POST /users/status
POST /users/
POST /users/{userId:int}/invite
GET /users/LockedOut/{accountId}/{email}
POST /users/unlock/{accountId}/{email}
DELETE /users/softDelete
PUT /usersecurity/challengephrase
GET /usersecurity/securityinformation/{referencekey}
POST /usersecurity/securityinformation/{referencekey}
POST /usersecurity/securityinformation/existing/{referencekey}
GET /usersecurity/challengephrase/{userId}
POST /usersecurity/validatemfaphone
POST /usersecurity/securityinformation/{accountId}/{userId}
POST /usersecurity/validatephoneapppin

Step 1: Create an API Key

Step 2: Authenticate into the Armor API system

At a high-level, to authenticate into the Armor API system with your API token, you must create a header with the following information:

ARMOR-PSK {Private Key ID}:{HMACSHA512 Signature}:{Nonce}:{Timestamp}

Review the following sample authentication header:

CODE

ARMOR-PSK 20a37099-4a0b-432f-bf46-5fa690a0405c:8wliK5PMXBrMNQX0DmXkkpC2YD5j+QtPH2xVRZM7jaaS0hC6jhRmtxy+nKJidDnYTpFc6blsO7+4VfKqslbqzA==:8jbj872s2h:1528140529

Authentication Component	Description	Example
Authorization Type	Use ARMOR-PSK.	ARMOR-PSK
API Key ID	Use the Key ID generated in AMP.	20a37099-4a0b-432f-bf46-5fa690a0405c
HMAC signature	Specifically, create a SHA512 signature that includes the following parameters: API key ID (generated in AMP) httpMethod requestPath nonce timestamp requestbody Secret Key (generated from AMP)	8wliK5PMXBrMNQX0DmXkkpC2YD5j+QtPH2xVRZM7jaaS0hC6jhRmtxy+nKJidDnYTpFc6blsO7+4VfKqslbqzA==
Nonce	Enter a unique ID. This ID should be unique per request. This ID cannot be longer than 128 characters. This ID cannot contain a colon ( : ).	8jbj872s2h
Timestamp	Enter a Unix time stamp within 5 minutes of current time.	1528140529

Based on your API application, review the following documents for additional authentication information:

Step 3: Make an API Call

To review the API calls, as well as implement the calls, access the interactive Armor API tool at https://developer.armor.com/.

Troubleshooting

If you cannot create or access the API Keys screen, consider that:

You may not have permissions to use this feature.
- You must have the following permissions enabled:
  - API Keys All Read
  - API Keys All Delete
  - API Keys Self Manage
- To learn how to update your permissions, see Roles and Permissions.