{ realtimeSwitch }

Security

HMAC authentication with user sessions and account management

RealtimeSwitch uses HMAC-SHA256 authentication to secure WebSocket connections. The authentication system is based on three key concepts:

User Session

Unique identifier for each conversation session that maintains context and state throughout the interaction.

Account ID

Unique identifier for your account that provides access control and usage tracking.

HMAC Signature

Cryptographic hash generated using your account's secret key and session ID to ensure secure authentication.

HMAC Generation Examples

Here's how to generate the required HMAC-SHA256 signature in common programming languages:

const crypto = require('crypto');

function generateAuthHash(sessionId, secretKey) {
  return crypto
    .createHmac('sha256', secretKey)
    .update(sessionId, 'utf8')
    .digest('hex');
}

// Example usage
const accountId = '996-sdassds-86-asd';
const sessionId = 'test-session-browser';
const secretKey = 'secretkey-996';

const authHash = generateAuthHash(sessionId, secretKey);

async function generateAuthHash(sessionId, secretKey) {
  const encoder = new TextEncoder();
  const keyData = encoder.encode(secretKey);
  const sessionData = encoder.encode(sessionId);
  
  const key = await crypto.subtle.importKey(
    'raw', keyData,
    { name: 'HMAC', hash: 'SHA-256' },
    false, ['sign']
  );
  
  const signature = await crypto.subtle.sign('HMAC', key, sessionData);
  
  return Array.from(new Uint8Array(signature))
    .map(b => b.toString(16).padStart(2, '0'))
    .join('');
}

import hmac
import hashlib

def generate_auth_hash(session_id, secret_key):
    return hmac.new(
        secret_key.encode('utf-8'),
        session_id.encode('utf-8'),
        hashlib.sha256
    ).hexdigest()

# Example usage
account_id = '996-sdassds-86-asd'
session_id = 'test-session-browser'
secret_key = 'secretkey-996'

auth_hash = generate_auth_hash(session_id, secret_key)

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;

public static String generateAuthHash(String sessionId, String secretKey) {
    try {
        Mac mac = Mac.getInstance("HmacSHA256");
        SecretKeySpec keySpec = new SecretKeySpec(
            secretKey.getBytes(StandardCharsets.UTF_8),
            "HmacSHA256"
        );
        mac.init(keySpec);
        
        byte[] hash = mac.doFinal(sessionId.getBytes(StandardCharsets.UTF_8));
        
        StringBuilder hexString = new StringBuilder();
        for (byte b : hash) {
            String hex = Integer.toHexString(0xff & b);
            if (hex.length() == 1) hexString.append('0');
            hexString.append(hex);
        }
        return hexString.toString();
    } catch (Exception e) {
        throw new RuntimeException("Error generating HMAC", e);
    }
}

using System;
using System.Security.Cryptography;
using System.Text;

public static string GenerateAuthHash(string sessionId, string secretKey)
{
    using (var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secretKey)))
    {
        byte[] hash = hmac.ComputeHash(Encoding.UTF8.GetBytes(sessionId));
        return Convert.ToHexString(hash).ToLower();
    }
}

use hmac:{Hmac, Mac};
use sha2:Sha256;

type HmacSha256 = Hmac<Sha256>;

fn generate_auth_hash(session_id: &str, secret_key: &str) -> String {
    let mut mac = HmacSha256::new_from_slice(secret_key.as_bytes())
        .expect("HMAC can take key of any size");
    
    mac.update(session_id.as_bytes());
    
    let result = mac.finalize();
    hex::encode(result.into_bytes())
}