1. Help
  2. Links API
  3. Links API V1 Endpoints & Authentication
  4. Links API V1 Authentication

Links API V1 Authentication

Frequently Asked Questions

  • Yes, the Links V1 endpoints are still accessible.
  • No, the same credentials are used for both versions of the Links API

This documents the process for setting up signed authentication. We also support Basic Authentication for Moz Link v2 endpoints.

V1 Signed Authentication

Parameters

Signed authentication requires three query string parameters in every call:

  • AccessID: obtained when you generate your API credentials.
  • Expires: a Unix timestamp (in seconds) indicating how long the request is valid.

    Expires should be a time no more than a few minutes ahead. Setting an expiration date too far in the future may pose a security vulnerability, while values set to expire within a few seconds may time out before the call reaches the Moz Links API server. An acceptable default is 300 seconds (5 minutes) in the future.

  • Signature: an HMAC-SHA1 hash of your Access ID, the Expires parameter, and your Secret Key. The secure hash must be base64 encoded then URL-encoded before Links API accepts the signature as valid.

The first step of the Signature hash requires a line break between AccessID and Expires. This PHP code sample provides an example of how to hash and encode your Signature.

Example of a valid signed authentication string

          
<p>AccessID=member-cf180f7081&amp;Expires=1225138899&amp;Signature=LmXYcPqc%2BkapNKzHzYz2BI4SXfC%3D</p>

Was this article helpful?

Happy Yes! Amazing! Satisfied Yes! It was what I needed. Neutral Meh. It wasn’t really what I was looking for. Sad No, it wasn’t helpful at all.

Thanks for the feedback.

Contact the Help Team if you have a specific question.
Cancel

Woo! 🎉
Thanks for the feedback.

Got it.
Thanks for the feedback.