Changes from Regular Integration

The changes from the regular integration are around the way in which the authentication token is created upon making a request to the streaming API. There are 3 changes:

1 - Token creation is created using a HMAC SHA256 hash

Previously: HMAC MD5 Hash

Now: HMAC SHA256 Hash

2 - You can define the location of the end user using a "location" parameter in the request and token

Previously: We used the end user's IP address (the IP address that made the request to our Streaming API) to locate a user and apply geo-restrictions.

Now: We trust that the you have relevant Geo-location technology (e.g GeoComply) within your applications,and that you know where your end users are within the US and Canada. You then tell us this information the "location" parameter within the API request/Authentication token, and we use this information to apply geo-restrictions.

3 - Token creation requires additional parameters to be passed inside the authentication token

We have done this to increase security on our API. This change is particularly important because of change 2) above. If we are allowing customers to define the location of the end users, we must not make it easy for end users or malicious actors to grab Streaming API requests and easily bypass geo-restrictions.

Previously: Only the timestamp, API secret and IP address were hashed into the authentication token

Now: Timestamp, request URL, API Secret and Location info are all hashed into the authentication token.

​