Generating API signature using PHP

A request to the GFI HelpDesk REST API is simply an HTTPHypertext Transfer Protocol - A protocol for exchange of hypertext documents in HTML. request with the URLUniform Resource Locator is the address of a web page on the world wide web. set to the path of the helpdesk app (such as Base), the controller (like User), and the parameters containing the payload of the request.

Unlike the GFI HelpDesk Staff API, the REST API does not require a staff user account to authenticate. The REST API authenticates to the helpdesk using an API key and a secret.

By using the API key, your connecting application gains access to your helpdesk's data. This means that the REST API has no concept of staff, team, or department permissions.

Every request you make to the API must carry with it an API key, a randomly generated salt string, and a signature. This topic focuses on providing the steps to generate the signature for API calls using PHP.

The signature is computed by hashing the salt and the secret key for every request you make to the API. The signature is a SHA256 hash of the salt with the secret key used as the hashing key.

To generate an API signature, follow the steps below:

  1. Login to Admin CP and go to REST API > API Information.
  2. API information navigation

  3. Copy your REST API key and secret key information.
  4. Edit the PHP code snippet template below by following these instructions:
  5. Replace the values of the $apiKey and $secretKey variables with the REST API and secret key information you have obtained.

    In this example, a static 10-digit number is used as the value of salt. It is less secure, but it makes the process more straightforward. You can also generate a random string for the value of salt using PHPTester. After determining your 10-digit salt, replace mt_rand() with the salt code, for example, $salt = 1234567890;.


    $apiKey = "apikey";


    $secretKey = "secretkey";


    // Generates a random string of ten digits

    $salt = mt_rand();


    // Computes the signature by hashing the salt with the secret key as the key

    $signature = hash_hmac('sha256', $salt, $secretKey, true);


    // base64 encode...

    $encodedSignature = base64_encode($signature);


    // urlencode...

    $encodedSignature = urlencode($encodedSignature);


    echo "Voila! A signature: " . $encodedSignature;



  6. Copy the code snippet and go to PHPTester. Paste the code on the first field. Click the Click to test your php code button to generate a signature key.

PHP tester