The Deployment API for Episerver Digital Experience Service authenticates each user request using a pair of client key and a client secret.
Note: The credentials (client key and secret) are applicable to one specific DXC-S environment of a project. Every environment into which you want to deploy code needs a unique set of credentials. Authenticating the user with the credentials for each environment provides flexibility and granular control over deployments. So, as a partner developer, remember to request API credentials for all the environments that you want access to.
Episerver DXC Service Management Portal introduces a self-service option to generate deployment API credentials for anyone that has access rights to deploy code/content between DXC-S environments. You have the flexibility to manage API credentials by themselves without using Episerver Managed Services.
The API tab in the DXC Service Management Portal generates new API credentials or retrieves an existing one for a selected environment. To manage your API credentials, follow these steps:
Note: When generating new credentials, any old/existing credential for the selected environment will be removed with immediate effect. This means the users of the old API credential need to be informed with the newly generated API credential.
Before issuing a request, the client must compute a hash-based message authentication code (HMAC) that is unique to that request. The HMAC is computed as follows:
Note: The secret is never communicated across the Internet.
Each request must include an "Authorization" HTTP header, which includes the computed HMAC and other supporting parameters. The value of the header must be in the following format.
Note: This format can be customized.
The parameters comprising this header include:
Note: The app key, timestamp, and nonce must exactly match the values applied in the computation of the HMAC.
Last updated: Oct 18, 2019