The key implementation changed recently to be less "complicated".

Security Service setup

This wiki page explains how to create a security key, which is needed to enable the security service.

Choose a “private” key and client ID

First you need a database with a table to store the client ID and a "private" key

• “private” key: <myprivatekey>
• client_id: <myclientid>

To store the client ID and API key create a table in a PostgreSQL database and insert the "private" key(s) with client ID, for example:

auth=# CREATE TABLE users(id serial, client_id text NOT NULL, key text NOT NULL); 

auth=# INSERT INTO users(client_id,key) VALUES('routing','1234567890abcdefghi');
INSERT 0 1
auth=#

Generate additional request parameters

• signature: md5(<myclientid>)
• api_key: md5(<myclientid>)

Configure service

Before starting the service you need to add the security service in configuration.xml to each provider that should require authentication:

<service name="security" title="Security" enable="true">
	<description>Authentication service</description>

	<connection driver="org.postgresql.Driver">
		<url>jdbc:postgresql://[hostname]:[port]/[database]</url>
		<user>[username]</user>
		<password>[password]</password>
	</connection>

	<sql>
		<query transformProjectionIn="false" transformProjectionOut="false">SELECT client_id, key FROM users</query>		
	</sql>

	<parameters>
		<parameter name="api_key" type="text" codename="api_key" required="true" />
		<parameter name="signature" type="text" codename="signature" required="true" />
		<parameter name="id" type="text" codename="id" required="true" />
	</parameters>
</service>