Skip to main content
MindTouch Success Center

Validate your API token for integration

Written by Ben Terris
Product Analyst at MindTouch
This page applies to:MindTouch (current)

This article provides instructions and examples for validating your server API token in order to gain access to the MindTouch API.

Before applying your server API token you need to generate that token. Review our documentation on how to generate a server API token.


What you'll need

You should have recorded the following when generating your API token:  

  • Key
  • Secret

How to use your server API token

To gain access to the MindTouch API, you first need to pass the server API token to MindTouch. Your token will be in the following format:


Server API credential breakdown

key Provided with your server API token.
epoch The current time in Unix timestamp (e.g. Current time: 02/03/2015 @ 5:10am (UTC); Unix timestamp: 1422940200).
hash MindTouch requires HMAC SHA256 hashing of server API tokens. The benefit of HMAC SHA256 over plain SHA256 is it provides MindTouch the ability to detect if the hashed token has been tampered with since being generated by your server.



The following are code snippets for PHP, C# and Node.js to get you started:

PHP example

C# example

Node.js example


Upon receipt, MindTouch calculates the same credentials and matches them to the credentials received. Once validated, your integration can access the MindTouch API.

important note   Your credentials are time sensitive. If processed too long after the time stamp is generated, your request will be denied.

  • Was this article helpful?