The standard authentication header used for requests.

This type provides a mechanism to provide one-time use authentication details.

Important Points

  1. The Username entered should exactly match that provided by BeautyFort.
  2. A Username links to an account on either the test or live BeautyFort system, the same Username cannot be used for both the test and live BeautyFort systems.
  3. The Nonce value should be a randomly generated string containing between 1 and 45 characters.
  4. The same Nonce value cannot be used for the same Username value within a 5 minute period.
  5. The Created value must be within 5 minutes of the BeautyFort system time for authentication to succeed.
  6. The Password value is calculated as: base64 encoded(sha1(Nonce . Created . Secret)), where . indicates concatenation, an explicit example is included in the field details below.
back to top


<bf:AuthHeader> <bf:Username> string </bf:Username> <bf:Nonce> string </bf:Nonce> <bf:Created> dateTime </bf:Created> <bf:Password> string </bf:Password> </bf:AuthHeader>
Field Type Occurrence Description
Username string Required

The unique API username of the account to be accessed.

Nonce string Required

The random string used to calculate and confirm the Password. A nonce value cannot be repeated within a five minute period for authentication to succeed.

Example: "186269"

Created dateTime Required

The date and time the request was created. This value is used to calculate and confirm the Password. This value must be within five minutes of the BeautyFort system time, with allowances for different timezones.

Example: "2015-07-08T11:31:53+01:00"

Password string Required

The calculated password value used to authenticate the account details.
Calculated as: base64 encoded(sha1(Nonce . Created . Secret)).

Using the above Nonce and Created values and the Secret "Ok4IWYLBHbKn8juM1gFPvQxadieZmS2" the Password value would be "ZDg3MTZiZTgwYTMwYWY4Nzc4OGFjMmZhYjA5YzM3MTdlYmQ1M2ZkMw=="