Generating the Authentication Key

The Authentication Key is a Base64-encoded Hash-based Message Authentication Code (specifically HMAC-SHA256) to be generated on your server (not on a mobile device), using your Client Secret Key (available in the Customer Portal), and a pipe-delimited concatenated string consisting of the TokenEx ID, Timestamp, and either the Token or TokenScheme depending on which function you intend to call (see the Examples section for each respective endpoint).



The Authentication Key is only valid with a timestamp less than 20 minutes old.

Example C# HMAC Generation

private string GenerateHMAC(string concatenatedInfo, string clientSecretKey)
    var result = string.Empty;
    var hmac = new System.Security.Cryptography.HMACSHA256();
    hmac.Key = System.Text.Encoding.UTF8.GetBytes(clientSecretKey);
    var hash = hmac.ComputeHash(System.Text.Encoding.UTF8.GetBytes(concatenatedInfo));
    result = Convert.ToBase64String(hash); // Ensure the string returned is Base64 Encoded
    return result;

TokenEx ID:   YourTokenExID
Timestamp:    20180109161437
Token Scheme: sixTOKENfour
Client Secret Key: TEST

Concatenated String: 123456789987654321|20180109161437|sixTOKENfour
Authentication Key: 3mHJFag1ICQiwRdSw1QY86WUvt3IDklswf6AA/q+wdU=

HMAC Construction - TokenizeCVV

TokenEx ID: YourTokenExID
Timestamp:  20180109161437
Token:      545454587415454
Client Secret Key: TEST

Concatenated String: 123456789987654321|20180109161437|545454587415454
Authentication Key: 26WAwVdSeLl3baTY8/uOJ9A/Ljc7/TCDbMnadJ4fOqc=