{"_id":"544e8298de6bac1000236fe9","project":"542998547a6b69080076806e","is_link":false,"parentDoc":null,"user":"542998207a6b690800768069","__v":9,"version":{"_id":"542998547a6b690800768071","__v":9,"project":"542998547a6b69080076806e","createdAt":"2014-09-29T17:35:16.249Z","releaseDate":"2014-09-29T17:35:16.249Z","categories":["542998547a6b690800768072","5433027990d63b1c0030c0f1","5433028190d63b1c0030c0f2","5433028d9a2b451a00ad4508","5433055790d63b1c0030c10a","5461417d37e5bc200049e1e4","54624066ddd31b0800a58db4","54625de66d1f1010002f3901","54d309955616470d0013cc55"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"category":{"_id":"542998547a6b690800768072","version":"542998547a6b690800768071","pages":["542a3de5e677b0080050898f","544e8298de6bac1000236fe9","542998547a6b690800768074","542ab90154d88d140075fbd4","5433300867f20a080097a04b","5433302067f20a080097a04d","544e7ae6de6bac1000236fb5","54330b4990d63b1c0030c129","543da24b31ca981a00a6ffe7","54333238a807e208003e72d2","544e8305bd51b9080037f9cb","54332b234aeeef0800410a73","5433306067f20a080097a051","543db19f31ca981a00a70053","543d31d6a10ab32000b3aa70","54a1f0af50465f1f00bfa3e8","54cfc5925ff7e617002bbda5","54f4f09158e9df0d00917b3e"],"project":"542998547a6b69080076806e","__v":22,"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-09-29T17:35:16.267Z","from_sync":false,"order":0,"slug":"getting-started","title":"Getting Started"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2014-10-27T17:36:24.512Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"try":true,"basic_auth":false,"auth":"never","params":[],"url":""},"isReference":false,"order":10,"body":"[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"What is an \\\"App Hash\\\" and where can I get one?\"\n}\n[/block]\nAlso sometimes referred to as \"app code\", but we try to be consistent!\nThis is the unique identifier of your app for our system.  It is generated and assigned when you create an app in the [Dashboard](https://pub.superrewards.com/login).\n\nThey look something like this:\n`nhhpuxlrfgi.022815956433`\n\nAlso see [Creating an App](doc:creating-an-app). \n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"What is the Secret Key?  Is that different?\"\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"danger\",\n  \"title\": \"Secret Keys Are Secret\",\n  \"body\": \"Please make sure you never pass a secret key in a URL or make it publicly-viewable.  They are an important part of keeping your transactions safe.\"\n}\n[/block]\nA *Secret Key* is how you ensure that our notifications to you are authentic.  When we send your app a notification of a transaction, we sign that notification using the key.  It's a shared secret between us, so we can use it to sign the data, and you can use it to test that it was really us.  Only notifications that are properly signed with the key should be accepted by your system, anything else could be something fraudulent.\n\nAlso see how they are used in [Notification Postbacks](doc:notification-postbacks) and [Security: Signed URLs](doc:security-signed-urls).","excerpt":"Details on what we mean and where to find these important values.","slug":"foundation-app-hashes-keys-and-signing","type":"basic","title":"Foundation: Hashes and Keys"}

Foundation: Hashes and Keys

Details on what we mean and where to find these important values.

[block:api-header] { "type": "basic", "title": "What is an \"App Hash\" and where can I get one?" } [/block] Also sometimes referred to as "app code", but we try to be consistent! This is the unique identifier of your app for our system. It is generated and assigned when you create an app in the [Dashboard](https://pub.superrewards.com/login). They look something like this: `nhhpuxlrfgi.022815956433` Also see [Creating an App](doc:creating-an-app). [block:api-header] { "type": "basic", "title": "What is the Secret Key? Is that different?" } [/block] [block:callout] { "type": "danger", "title": "Secret Keys Are Secret", "body": "Please make sure you never pass a secret key in a URL or make it publicly-viewable. They are an important part of keeping your transactions safe." } [/block] A *Secret Key* is how you ensure that our notifications to you are authentic. When we send your app a notification of a transaction, we sign that notification using the key. It's a shared secret between us, so we can use it to sign the data, and you can use it to test that it was really us. Only notifications that are properly signed with the key should be accepted by your system, anything else could be something fraudulent. Also see how they are used in [Notification Postbacks](doc:notification-postbacks) and [Security: Signed URLs](doc:security-signed-urls).