Creating an authentication hash

POST variables

HASH: Hash of the company
ANNAEXEC: The generated IV, which will be used to encrypt the values of other variables
ACTION: The action to be executed
- GENERATE_USER_HASH: Generates an authentication hash for the informed user (USER_ID)
- GENERATE_USER_HASH_FORCE_USER: Create or update an user with the values from USER_ID and USER_NAME, and generates an authentication hash
- INACTIVATE_USER: Inactivates the informed user (USER_ID)
USER_ID: Corporate User ID
USER_NAME: Corporate User name
START_SERVICE: (Optional) Defines the service to be executed when opening AnnA Chat

Examples

  public string Post()
  {
      string companyHash = "YOUR_COMPANY_HASH";
      string encryptionKey = "YOUR_CORPORATE_USER_ENCRYPTION_KEY";
      string decryptionKey = "YOUR_CORPORATE_USER_DECRYPTION_KEY";
      string iv = GenerateIV();

      string action = "GENERATE_USER_HASH"; // GENERATE_USER_HASH || GENERATE_USER_HASH_FORCE_USER || INACTIVATE_USER
      string userId = "USER_ID";
      string username = "USERNAME";
      string startService = "START_SERVICE";

      string url = "YOUR_ANNA_URL/aannacorporateuser.aspx";

      string encryptedAction = Encrypt(action, encryptionKey, iv);
      string encryptedUserId = Encrypt(userId, encryptionKey, iv);
      string encryptedUserName = Encrypt(username, encryptionKey, iv);
      string encryptedStartService = Encrypt(startService, encryptionKey, iv);

      string dadosPost = "HASH=" + Uri.EscapeDataString(companyHash);
      dadosPost += "&ANNAEXEC=" + Uri.EscapeDataString(iv);
      dadosPost += "&ACTION=" + Uri.EscapeDataString(encryptedAction);
      dadosPost += "&USER_ID=" + Uri.EscapeUriString(encryptedUserId);
      dadosPost += "&USER_NAME=" + Uri.EscapeUriString(encryptedUserName);
      dadosPost += "&START_SERVICE=" + Uri.EscapeUriString(encryptedStartService);
      byte[] dados = Encoding.UTF8.GetBytes(dadosPost);

      var webRequest = WebRequest.Create(url);
      webRequest.Method = "POST";
      webRequest.ContentType = "application/x-www-form-urlencoded";
      webRequest.ContentLength = dados.Length;

      Stream dataStream = webRequest.GetRequestStream();
      dataStream.Write(dados, 0, dados.Length);
      dataStream.Close();

      WebResponse response = webRequest.GetResponse();

      using (dataStream = response.GetResponseStream())
      {
          StreamReader reader = new StreamReader(dataStream);

          string responseFromServer = reader.ReadToEnd();

          if (responseFromServer.Contains(iv))
          {
              string novoIVEncriptado = responseFromServer.Substring(responseFromServer.IndexOf(iv));
              novoIVEncriptado = novoIVEncriptado.Replace(iv, "");
              string retornoEncriptado = responseFromServer.Substring(0, responseFromServer.IndexOf(iv));

              string novoIV = Decrypt(novoIVEncriptado, encryptionKey, iv);

              string retorno = Decrypt(retornoEncriptado, decryptionKey, novoIV);

              response.Close();
              return retorno;
          }
          else
          {
              response.Close();
              return responseFromServer;
          }
      }
  }

  public async Task<ActionResult<string>> Get()
  {
      var decryptionKey = "YOUR_DECRYPTION_KEY";
      var encryptionKey = "YOUR_ENCRYPTION_KEY";
      var CompanyHash = "YOUR_COMPANY_HASH";

      string iv = GenerateIV();

      string action = "GENERATE_USER_HASH"; // GENERATE_USER_HASH || GENERATE_USER_HASH_FORCE_USER || INACTIVATE_USER
      string userId = "USER_ID";
      string username = "USERNAME";
      string startService = "START_SERVICE";

      string encryptedAction = Encrypt(action, encryptionKey, iv);
      string encryptedUserId = Encrypt(userId, encryptionKey, iv);
      string encryptedUserName = Encrypt(username, encryptionKey, iv);
      string encryptedStartService = Encrypt(startService, encryptionKey, iv);

      var dadosPost = new Dictionary<string, string>
      {
          { "HASH", CompanyHash },
          { "ANNAEXEC", iv },
          { "ACTION", encryptedAction },
          { "USER_ID", encryptedUserId },
          { "USER_NAME", encryptedUserName },
          { "START_SERVICE", encryptedStartService },
      };

      var httpClient = new HttpClient();

      string url = "YOUR_ANNA_URL/aannacorporateuser.aspx";

      var result = await httpClient.PostAsync(url, new FormUrlEncodedContent(dadosPost));
      var content = await result.Content.ReadAsStringAsync();

      if (content.Contains(iv))
      {
          string novoIVEncriptado = content.Substring(content.IndexOf(iv));
          novoIVEncriptado = novoIVEncriptado.Replace(iv, "");
          string retornoEncriptado = content.Substring(0, content.IndexOf(iv));

          string novoIV = Decrypt(novoIVEncriptado, encryptionKey, iv);

          string retorno = Decrypt(retornoEncriptado, decryptionKey, novoIV);

          return Ok(retorno);
      }

      return Ok(content);
  }

  $DecKey = "DECKEY"; 
  $EncKey = "ENCKEY";
  $Hash = "HASH";

  // Generate new IV
  $ivlen = openssl_cipher_iv_length('des-ede3-cbc');
  $IV = base64_encode(openssl_random_pseudo_bytes(8));

  $actionName = "GENERATE_USER_HASH_FORCE_USER";
  $actionNameEncriptado = encrypt3DES($actionName, $EncKey, $IV);

  $userId = "USER_ID";
  $userIdEncriptado = encrypt3DES($userId, $EncKey, $IV);

  $userName = "USER_NAME";
  $userNameEncriptado = encrypt3DES($userName, $EncKey, $IV);

  $dadosPost = array(
                      'HASH' => $Hash,
                      'ANNAEXEC' => $IV,
                      'ACTION' => $actionNameEncriptado,
                      'USER_ID' => $userIdEncriptado,
                      'USER_NAME' => $userNameEncriptado);

  $url = "URL_AMBIENTE/aannacorporateuser.aspx";
  $options = array(
      'http' => array(
          'header'  => "Content-type: application/x-www-form-urlencoded\r\n",
          'method'  => 'POST',
          'content' => http_build_query($dadosPost)
      )
  );
  $context  = stream_context_create($options);
  $result = file_get_contents($url, false, $context);

  if (str_contains($result, $IV)) {
      $novoIVEncriptado = substr($result, strpos($result, $IV));
      $novoIVEncriptado = str_replace($IV, "", $novoIVEncriptado);
      $retornoEncriptado = substr($result, 0, strrpos($result, $IV));

      $novoIV = decrypt3DES($novoIVEncriptado, $EncKey, $IV);

      $retorno = decrypt3DES($retornoEncriptado, $DecKey, $novoIV);

      echo utf8_encode($retorno);
  } else {
      echo utf8_encode($retorno);
  }

  import requests
  import json
  from Crypto.Cipher import AES, DES3, DES
  from Crypto.Util.Padding import pad, unpad
  from Crypto.Random import get_random_bytes
  from base64 import b64encode, b64decode

  # Encryption method
  def encrypt(data, enckey, iv):

      enckey = b64decode(enckey)
      iv = b64decode(iv)

      cipher = DES3.new(enckey, DES3.MODE_CBC, iv)
      ct_bytes = cipher.encrypt(
          pad(bytes(data, encoding='utf-8'), DES3.block_size))
      ciphertext = b64encode(ct_bytes).decode('utf-8')

      return ciphertext


  # Decryption method
  def decrypt(data, deckey, iv):
      try:
          deckey = b64decode(deckey)
          iv = b64decode(iv)
          data = b64decode(data)

          cipher = DES3.new(deckey, DES3.MODE_CBC, iv)
          pt = unpad(cipher.decrypt(data), DES3.block_size)

          return pt.decode('utf-8')

      except (ValueError, KeyError):
          return 'Incorrect decryption'


  # Integration variables
  url = 'https://YOUR_ANNA_URL/aannacorporateuser.aspx'
  enckey = 'ENCRYPTION_KEY'
  deckey = 'DECRYPTION_KEY'
  hash = 'COMPANY_HASH'
  action = 'ACTION'
  userId = 'USER_ID'
  userName = 'USER_NAME'
  fluxo = '@FLUXO'

  # Creating an IV
  key = get_random_bytes(8)
  cipher = DES.new(key, DES3.MODE_CBC)
  iv = b64encode(cipher.iv).decode('utf-8')

  # Encrypting data
  actionEncypted = encrypt(action, enckey, iv)
  userIdEncrypted = encrypt(userId, enckey, iv)
  userNameEncrypted = encrypt(userName, enckey, iv)
  fluxoEncrypted = encrypt(fluxo, enckey, iv)

  # Creating the submission structure
  request = {
      'HASH': hash,
      'ANNAEXEC': iv,
      'ACTION': actionEncypted,
      'USER_ID': userIdEncrypted,
      'USER_NAME': userNameEncrypted,
      'START_SERVICE': fluxoEncrypted
  }

  # Making a post for AnnA
  response = requests.post(url, request)

  # Retrieving AnnA's response
  response = response.text

  # Separating the received IV from the AnnA response string
  responseEncrypted = response.split(iv)

  # Decrypting the new IV
  newIV = decrypt(responseEncrypted[1], enckey, iv)

  # Decrypting the content of the reply
  responseDecrypt = decrypt(responseEncrypted[0], deckey, newIV)

  # Log
  print('\n')
  print('  -> Server response:\n', response)
  print('  -> Separating the new IV from the json:\n', responseEncrypted)
  print('  -> New IV: ', newIV)
  print('  -> Decrypted return: ', responseDecrypt)
  print('\n')

Welcome

AnnA Services

Web Service

Active Notifications

Corporate User

Libraries

Java

CSharp/.NET

AnnA WEB: Chat

How to access

Performing Service

Chat tools

Filters

Template

Creating an authentication hash

POST variables

Examples