Moz API V1 Authentication
Frequently Asked Questions
Please note: Beginning August 8, 2024, Moz API will no longer support plain HTTP access. To avoid service disruption, please update any existing HTTP client configurations to HTTPS.
This documents the process for setting up signed authentication. We also support Basic Authentication for Moz Link v2 endpoints.
V1 Signed Authentication
Please note: Beginning August 8, 2024, Moz API will no longer support plain HTTP access. To avoid service disruption, please update any existing HTTP client configurations to HTTPS.
Parameters
Signed authentication requires three query string parameters in every call:
- AccessID: obtained when you generate your API credentials.
- Expires: a Unix timestamp (in seconds) indicating how long the request is valid.
Expires should be a time no more than a few minutes ahead. Setting an expiration date too far in the future may pose a security vulnerability, while values set to expire within a few seconds may time out before the call reaches the Moz Links API server. An acceptable default is 300 seconds (5 minutes) in the future.
- Signature: an HMAC-SHA1 hash of your Access ID, the Expires parameter, and your Secret Key. The secure hash must be base64 encoded then URL-encoded before Links API accepts the signature as valid.
The first step of the Signature hash requires a line break between AccessID and Expires. This PHP code sample provides an example of how to hash and encode your Signature.
Example of a valid signed authentication string
<p>AccessID=member-cf180f7081&Expires=1225138899&Signature=LmXYcPqc%2BkapNKzHzYz2BI4SXfC%3D</p>
Related Articles
Was this article helpful?
Yes! Amazing! Yes! It was what I needed. Meh. It wasn’t really what I was looking for. No, it wasn’t helpful at all.
Thanks for the feedback.