Introducing New PHP, Java and .NET SDKs

Along with our mobile SDKs, Gigya recently released PHP, Java and .NET SDKs to make it even easier to interface with the Gigya API using REST. Integrating these SDKs into your web application is straightforward, and the benefits range from simple convenience for developers to more efficient code.

We wanted to highlight several features that developers have been asking about.

Signing Requests Made Easier
For security reasons, Gigya requires that all standard REST API calls be digitally “signed” using the HMAC-SHA1 algorithm. This guarantees that requests originating from an authorized partner have not been tampered with in transit. If you’re using one of our SDKs, signature calculation is now done automatically. Take a look at this quick PHP code sample and you’ll notice that the signature calculation (and all other related security parameters) is performed by the SDK.

[sourcecode language="php"]
// Define the API-Key and Secret key (the keys can be obtained from your site setup page on Gigya's website).
$apiKey = "PUT-YOUR-APIKEY-HERE";        // placeholder
$secretKey = "PUT-YOUR-SECRET-KEY-HERE"; // placeholder; keep this value server-side only

// Step 1 - Defining request parameters
$params = new GSDictionary();
$params->put("uid", "PUT-UID-HERE"); // set the "uid" parameter to user's ID
$params->put("status", "I feel great"); // set the "status" parameter to "I feel great"

// Step 2 - Sending the request
$method = "socialize.setStatus";
$request = new GSRequest($apiKey, $secretKey, $method, $params);
$response = $request->send();

// Step 3 - handling the request's response.
if ($response->getErrorCode() == 0)
{ // SUCCESS! response status = OK
    echo "Success in setStatus operation.";
}
else
{ // Error
    echo ("Got error on setStatus: " . $response->getErrorMessage());
}
[/sourcecode]

Validating Responses Made Easier
Gigya attaches a cryptographic signature to all responses that include user information. To verify that the response is actually coming from Gigya (i.e., hasn’t been tampered with), your application should always validate this signature. If you’re using one of our SDKs, the class SigUtils will perform this signature calculation automatically. Check out this PHP code sample and you’ll see that validating Gigya response signatures takes just a couple of lines of code.

[sourcecode language="php"]
// Handle 'socialize.getUserInfo' response
if ($response->getErrorCode() == 0)
{ // SUCCESS! response status = OK

    // Get 'User' object from the response
    $user = $response->getData();

    // Validate the signature
    $valid = SigUtils::validateUserSignature($user->getString("UID", ""), $user->getString("signatureTimestamp", ""),
        $secretKey, $user->getString("UIDSignature", ""));

    if ($valid)
        echo ("signature is valid");
    else
        echo ("Fraud!!!"); // signature mismatch: do not trust the user data in this response
}
[/sourcecode]
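
What a check of this kind involves, as an added example that is not Gigya's SDK code: the function names are hypothetical, and the base string layout (`timestamp_UID`), the base64-encoded secret and the 180-second freshness window are assumptions not stated on this page.

```php
<?php
// Added illustration, not Gigya SDK code. Assumptions (not stated on the page):
// base string is "<timestamp>_<UID>", the secret key is base64-encoded,
// and signatures older than 180 seconds are rejected.

function computeUidSignature(string $uid, string $timestamp, string $secretB64): string
{
    $key = base64_decode($secretB64, true);
    if ($key === false) {
        throw new InvalidArgumentException("secret key is not valid base64");
    }
    // HMAC-SHA1 as named on the page; raw binary output, then base64.
    return base64_encode(hash_hmac("sha1", $timestamp . "_" . $uid, $key, true));
}

function verifyUidSignature(string $uid, string $timestamp, string $secretB64,
                            string $signature, int $now, int $maxSkew = 180): bool
{
    // Reject missing fields and non-numeric timestamps before doing any crypto.
    if ($uid === "" || $signature === "" || !ctype_digit($timestamp)) {
        return false;
    }
    // Freshness check limits replay of a captured, validly signed response.
    if (abs($now - (int)$timestamp) > $maxSkew) {
        return false;
    }
    // hash_equals() compares in constant time, unlike == or strcmp().
    return hash_equals(computeUidSignature($uid, $timestamp, $secretB64), $signature);
}

// Constructed sample values (not real credentials).
$secret = base64_encode("constructed-demo-secret");
$now    = 1300000000;
$ts     = (string)($now - 10);
$sig    = computeUidSignature("user-123", $ts, $secret);

var_dump(verifyUidSignature("user-123", $ts, $secret, $sig, $now));        // genuine response
var_dump(verifyUidSignature("user-999", $ts, $secret, $sig, $now));        // UID swapped in transit
var_dump(verifyUidSignature("user-123", $ts, $secret, $sig, $now + 3600)); // same response replayed later
```

The check runs on the server, because anything that holds the secret key can also mint valid signatures.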

Convenient Dictionary Class
The SDKs have a convenient class called GSDictionary for passing parameters when issuing requests or receiving response data. What’s nice is that you can optionally construct a GSDictionary object from a JSON string. This is particularly convenient given how frequently developers use JSON data these days. GSDictionary also has other convenient methods for doing things like returning an array of all the keys in the dictionary or parsing parameters from a query string.

By Kevin White