Authentication
Game Server Hosting (Clanforge) supports basic HTTP authentication and AWS authentication. Both authentication methods rely on your account credentials. Your credentials include your Access key and Secret key. Visit the Auth Keys page on Clanforge to access and manage your credentials.
Basic authentication
The Game Server Hosting (Clanforge) API supports basic HTTP authentication. You can authenticate with Game Server Hosting (Clanforge) by passing a base64-encoded string of your Game Server Hosting (Clanforge) authentication keys (that's, the access key and the secret key) through the Authorization Header of HTTP requests.
Note: Make sure you set the content the request to application/x-www-form-urlencoded.
Authorization: Basic {base64_encode(AccessKey:SecretKey)}The Game Server Hosting (Clanforge) API supports basic HTTP authentication over HTTPS and authentication with AWS Signature Version 4. Sending any requests over an unsecured HTTP connection results in a redirect to HTTPS.
AWS Signature Version 4 authentication
Deprecated: There are no plans to remove AWS4 authentication, however it is not recommended due to implementation complexity.
Game Server Hosting (Clanforge) supports AWS Signature Version 4 via the HTTP Authorization Header to include authentication information. The following code block has an example of the Authorization header value for a request authenticating with AWS Signature Version 4.
Authorization: AWS4-HMAC-SHA256 Credential=AKIAIOSFODNN7EXAMPLE/20130524/eu-west-1/cf/aws4_request,SignedHeaders=host;range;x-amz-date,Signature=fe5f80f77d5fa3beca038a248ff027d0445342fe2855ddc963176630326f1024Note: There is space between the first two components (that's, AWS4-HMAC-SHA256 and Credential), and the following components (that's, Credential, SignedHeaders, and Signature) are separated by a comma and no space.
The following table describes the various components of the Authorization header value.
| Component | Description |
|---|---|
| AWS4-HMAC-SHA256 | AWS4-HMAC-SHA256 is the algorithm you used to calculate the signature. You must include this value when you use AWS Signature Version 4 for authentication. The string specifies AWS Signature Version 4 (AWS4) and the signing algorithm (HMAC-SHA256). |
| Credential | The Credential component has your Access Key and the scope information, which includes the date, region, and service that were used to calculate the signature. The string has the following form: <AccessKey>/<date>/<region>/<service>/aws4_request |
| SignedHeaders | The SignedHeaders component is a semicolon-separated list of request headers that you used to compute the Signature. The list includes header names only, and the header names must be in lower case. For example, host;range;x-amz-date is valid, but host;Range;X-AMZ-DATE isn't valid. |
| Signature | The Signature is a 256-bit signature expressed as 64 lowercase hexadecimal characters. |
Calculating a signature
To calculate a signature, you first need a string to sign. After you have the string to sign, calculate an HMAC-SHA256 hash of the string with a signing key.
When Game Server Hosting (Clanforge) receives an authenticated request, it computes the signature and then compares it with the signature you provided in the request. You must compute the signature using the same method Game Server Hosting (Clanforge) uses. The process of putting a request in an agreed-upon form for signing is called canonicalization.
CanonicalRequest
| Component | Data | Notes |
|---|---|---|
| HTTP Verb + “\n” + | “GET” or “PUT” or “POST” or “OPTIONS” … | |
| CanonicalURI + “\n” + | UriEncode() | The CanonicalURI is the URI-encoded version of the absolute path component of the URI including everything starting with the “/” that follows the domain name and up to the end of the string or to the question mark character (‘?’) if you have query string parameters. For example, in the URIhttp://s3.amazonaws.com/examplebucket/myphoto.jpg/examplebucket/myphoto.jpg is the absolute path. |
| CanonicalQueryString + “\n” + | UriEncode() + “=” + UriEncode() + “&” +UriEncode() + “=” + UriEncode() + “&” +…UriEncode() + “=” + UriEncode() | Alphabetically Sorted by QueryParam |
| CanonicalHeaders + “\n” + | Lowercase() + “:” + Trim() + “\n” +Lowercase() + “:” + Trim() + “\n” +…Lowercase() + “:” + Trim() + “\n” | Alphabetically Sorted by HeaderName and must include the following:HTTP Host HeaderContent-Type Header if it's present in the Date Header |
| SignedHeaders + “\n” + | Lowercase() + “;” +Lowercase() + “;” +…Lowercase() | Alphabetically Sorted by HeaderName |
| HashedPayload | Hex(SHA256Hash()) | The hexadecimal value is the SHA256 hash of the request payload. If no payload is present, such as in a GET request, you should use the hash of the empty string (for example, Hex(SHA256Hash(“”)). |
StringToSign
| Component | Data | Example |
|---|---|---|
| “AWS4-HMAC-SHA256” + “\n” + | Authorization Type | |
| TimeStamp + “\n” + | Format ISO8601 compact | “201407240525T000000Z” |
| Scope + “\n” + | <yyyymmdd>/<region>/<service>/aws4_request | “20140724/eu-west-1/cf/aws4_request” |
Hex(SHA256Hash(<CanonicalRequest>)) |
SigningKey
| Component | Description |
|---|---|
| DateKey | HMAC-SHA256(“AWS4” + <SecretAccessKey>, “<yyyymmdd>”) |
| DateRegionKey | HMAC-SHA256(<DateKey>, <region>) |
| DateRegionServiceKey | HMAC-SHA256(<DateRegionKey>, <service>) |
| SigningKey | HMAC-SHA256(<DateRegionServiceKey>, “aws4_request”) |
Function definitions
| Component | Description |
|---|---|
| Lowercase() | Convert the string to lowercase. |
Hex(<string>) | Lower case base 16 encoding. |
Trim(<string>) | Remove any leading or trailing white space. |
UriEncode(<string>) | URI encodes every byte. |
HMAC-SHA256(<key>, <data>) | The keyed-hash message authentication code (HMAC) of Secure Hash Algorithm (SHA) HMAC-SHA-256 digest of <data>, <key>, with the result encoded as a binary string. |
Constants and variables
| Variable | Valid values | Description |
|---|---|---|
<region> | eu-west-1 | The service region to service the request is always eu-west-1. |
<service> | cf | The service targeted by the request. The service should be cf for Clanforge/Multiplay. |
“\n” | 0x0a | 0x0a is the ASCII newline character. |
<AccessKey> | The Access key linked to your account. It's a hexadecimal value. | |
<SecretKey> | The Secret key associated with the Access key you provided. It's a hexadecimal value. | |
Host | The Game Server Hosting (Clanforge) API service address. If you are testing in Postman, you might need to update the Host variable manually. |