Ingresse Developer Portal

Welcome to the Ingresse API developer portal. You'll find comprehensive guides and documentation to help you start working with Ingresse API as quickly as possible, as well as support if you get stuck. Let's jump right in!

Get Started    Guides & Tutorials

Creating a Request

How to make a request to Ingresse API.

Ingresse API is a platform through where it is possible to use Ingresse core technology and offer a customized and unique experience from your event to your customers.

It is necessary to get both API keys for your application. Ingresse is still a closed beta, but you can sign up to receive a noticication when it comes open.

Subscribe here

Request Format

To request calls for Ingresse services, it is necessary to send you access information through the URL. Those information are:

  • publickey: api key provided by Ingresse.
  • signature: a hash key created by your application using the rules described in the section "Generating the signature"
  • timestamp: the current timestamp.

Request example

https://api.ingresse.com/event?publickey=s7dg4do3y6903fc0647b61d7112ee1h367d9qj5h6&signature=L8w92nyQux4zyZogQD%2BjAq9olaY%3D&timestamp=2016-11-08T14%3A50%3A26Z

Generating the Signature

To generate the signature you will need to follow the steps below:

  1. Generate the timestamp for the current date in the format 'Y-m-d\TH:i:s\Z' in GMT timezone. Ex.: $timestamp = gmdate('Y-m-d\TH:i:s\Z');
  2. Concatenate your publickey generating a new string. Ex.: $data1 = $publickey . $timestamp;
  3. Create a hash with sha1 criptography using the string from the other line and your private key. Ex.: $data2 = hash_hmac('sha1', $data, $privatekey, TRUE);
  4. The hash generated must be a binary RAW, so transform the hash in base 64. Ex.: $computedSignature = base64_encode($data2);

Then you have the signature to be used in your requests as a GET parameter. We just added up some examples below so you can try it out.

import base64
import hmac
import urllib
from datetime import datetime
from hashlib import sha1


def signature(public_key, private_key):
	_timestamp = datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%SZ")
	_sha1      = hmac.new(private_key, public_key + _timestamp, sha1).digest()
	signature  = base64.b64encode(_sha1)
	
	params = {
		"publickey": public_key,
		"signature": signature,
		"timestamp": _timestamp,
	}
	
	return urllib.urlencode(params)
<?php
    //date_default_timezone_set('America/Sao_Paulo');
    $timestamp = gmdate('Y-m-d\TH:i:s\Z');
    $publickey = '<YOUR PUBLIC KEY>';
    $privatekey = '<YOUR PRIVATE KEY>';
    
    $data = $publickey . $timestamp;
    $computedSignature = base64_encode(hash_hmac('sha1', $data, $privatekey, TRUE));
    
    $connectionString = "publickey=" . $publickey . "&signature=".urlencode($computedSignature)."&timestamp=".urlencode($timestamp);
    
    echo $connectionString;
?>
require 'openssl'
require 'digest/sha1'
require 'base64'

module IngresseAPI
  # Handle Ingresse API signature generation
  class Signature
    def initialize
      @public_key  = Rails.configuration.ingresse['public_key']
      @private_key = Rails.configuration.ingresse['private_key']
    end

    def generate
      data = to_sha1(key: @private_key, message: "#{@public_key}#{formatted_timestamp}")
      get_params(computedSignature: to_base64(data), timestamp: formatted_timestamp)
    end

    private

    def formatted_timestamp
      @formatted_timestamp ||= Time.now.utc.strftime('%Y-%m-%dT%TZ')
    end

    def to_sha1(options = {})
      OpenSSL::HMAC.digest('sha1', options[:key], options[:message])
    end

    def to_base64(value)
      Base64.strict_encode64(value)
    end

    def get_params(options = {})
      params =  "?publickey=#{@public_key}"
      params << "&signature=#{CGI::escape(options[:computedSignature])}"
      params << "&timestamp=#{CGI::escape(options[:timestamp])}"

      params
    end
  end
end

// Usage:
// IngresseApi().setKeys(publicKey: "PUBLIC", privateKey: "PRIVATE").getUrl(path: "/login")
public class IngresseApi: NSObject {
	private var publicKey: String = ""
  private var privateKey: String = ""

	public func setKeys(publicKey: String, privateKey: String) - > IngresseApi {
		self.publicKey = publicKey
		self.privateKey = privateKey

		return self
	}

	public func getUrl(path: String) - > String {
		let signature = generateAuthString(publicKey: publicKey, privateKey: privateKey)
		let url = "https://api.ingresse.com/\(path)?\(signature)"

		return url
	}

	/// Generate ingresse auth string
	/// - Parameters:
	///   - publicKey: app's public key
	///   - privateKey: app's private key
	/// - Returns: Auth string with public key, signature and timestamp
	private func generateAuthString(publicKey: String, privateKey: String) - > String {
		let timestamp = Date().toString(format: .gmtTimestamp)
		let signature = getSignature(publicKey, privateKey, timestamp)
		let queryString = "publickey=\(publicKey)&signature=\(signature)&timestamp=\(timestamp)"

		return queryString
	}

	/// Ingresse signature string
	/// - Parameters:
	///   - publicKey: app's public key
	///   - privateKey: app's private key
	///   - timestamp: current timestamp
	/// - Returns: Encrypted signature
	private func getSignature(_ publicKey: String, _ privateKey: String, _ timestamp: String) - > String {
		let data = publicKey.appending(timestamp)
		let signature = HMACSHA1.hash(data, key: privateKey) !

		return signature.stringWithPercentEncoding() !
	}
}
using System;
using System.Text;
using System.Web;
using System.Security.Cryptography;

namespace Ingresse
{
    public class Api
    {
        public static void Main(string[] args)
        {
            string queryString = GetIngresseQueryString();
            Console.WriteLine(queryString);
        }
        
        // Genrerate Ingresse authorization query string
        public static string GetIngresseQueryString() 
        {
            String publicKey  = "your-publick-key";
            String privateKey = "your-private-key";
            
            String timeStamp  = DateTime.UtcNow.ToString("yyyy-MM-ddTHH:mm:ssZ"); 
            String signature  = HashData(privateKey, publicKey + timeStamp);
            
            return AuthorizationQueryString(publicKey, signature, timeStamp);
        }
        
        // Generate authorization query string
        public static string AuthorizationQueryString(string publicKey, string signature, string timeStamp) 
        {
            return "?publickey=" + HttpUtility.UrlEncode(publicKey) + 
                  "&signature=" + HttpUtility.UrlEncode(signature) + 
                  "&timestamp=" + HttpUtility.UrlEncode(timeStamp);
        }
        
        // Generate an HMAC encripted with SHA1
        public static string HashData(string secret, string dataToSign)
        {
            byte[] secretBytes = UTF8Encoding.UTF8.GetBytes(secret);
            HMACSHA1 hmac      = new HMACSHA1(secretBytes);
            
            byte[] dataBytes = UTF8Encoding.UTF8.GetBytes(dataToSign);
            Byte[] calcHash  = hmac.ComputeHash(dataBytes);
            
            return System.Convert.ToBase64String(calcHash);
        }
    }
}
/**
 *  NodeJS: 
 *    - npm install crypto-js
 *    - require("crypto-js")
 * 
 *  or
 * 
 *  WEB:
 *    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/components/enc-base64-min.js"></script>
 *    <script src="https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/hmac-sha1.js"></script>
 */
 
function signature(publicKey, privateKey) {
   var timestamp = new Date().toJSON().replace(/\.\d+/, '');
   var sha1      = CryptoJS.HmacSHA1(publicKey + timestamp, privateKey);
   var signature = sha1.toString(CryptoJS.enc.Base64);

   return '?publickey=' + encodeURIComponent(publicKey) + '&signature=' + encodeURIComponent(signature) + '&timestamp=' + encodeURIComponent(timestamp);
}

Requesting User Token

To request user token, redirect your user to https://www.ingresse.com/login. The prompted page must be used to login. By default, the return is a JSON like the one below:

{
    token: "1111-1a1a1a1a1a1a1a1a1a1a1a1a1",
    userId: 1111,
    authToken: "2a2a2a2a2a2a2a2a2a2a2a2aa2a2a2"
}

Beside it, in the request https://www.ingresse.com/login you will be able to send as a query parameter the returnUrl with the URL to where redirect the user after the login. Your application will be able to get those information as query string parameter usertoken, through the redirect.

URL example

https://www.ingresse.com/login?returnurl=http%3A%2F%2Fwww.meusite.com.br%2Fmeu-evento%2Fpagamento&publickey=s7dg4do3y6903fc0647b61d7112ee1h367d9qj5h6&signature=L8w92nyQux4zyZogQD%2BjAq9olaY%3D&timestamp=2016-11-08T14%3A50%3A26Z

What's Next

Learn how to request the user token from Ingresse and provide a custom experience for your users.

Ingresse Login

Creating a Request

How to make a request to Ingresse API.