Gem API carries a wide range of actions, most of which require authentication. The APIs implement an API key-based authentication scheme.
API Access
Gem partners may request access to Gem API. Gem will issue API keys that authorize access to the desired environment. Gem partners are responsible for securing access to their generated keys and must treat them like passwords. Keys must never be directly accessed by frontend applications, rather we advise that they are accessed only out-of-band.
Signing Requests
Clients are required to provide a Hash-based Message Authentication Code (HMAC) signature alongside the client's public API key and current Unix timestamp, with every API request. HMAC will authenticate the calling application and guarantee request data integrity.
Three values must be specified on each signed request. These include: X-Gem-Signature, X-Gem-Api-Key and X-Gem-Access-Timestamp.
In order to generate an HMAC signature, you need to create a SHA256 hash with a payload of <api_key>:<timestamp>, where timestamp is the current Unix timestamp.
require 'uri'
require 'net/http'
require 'openssl'
url = URI("https://vgs.gem.co/users")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
# Use your Gem issued API Key and API Secret.
api_key = '<Gem API Key>'
secret = '<Gem API Secret>'
# Get current timestamp
timestamp = Time.now
# Generate signature from current timestamp and API Key.
signature = OpenSSL::HMAC.hexdigest("SHA256", secret, "#{api_key}:#{timestamp}")
request = Net::HTTP::Post.new(url)
request["accept"] = 'application/json'
request["content-type"] = 'application/json'
# Add required signature headers to the request object.
request["X-Gem-Access-Timestamp"] = timestamp
request["X-Gem-Api-Key"] = api_key
request["X-Gem-Signature"] = signature
response = http.request(request)
puts response.read_body