Unlike Basic authentication, HMAC authentication is user specific. Every user can generate one HMAC secret key from his or her profile page under the HMAC Auth Key tab. Mingle admins may also generate HMAC secret keys for any user.
Please note that regenerating your HMAC key will invalidate your existing key.
The following is example ruby code to fetch a projects list using HMAC authentication. It uses the api_auth gem (install gem api-auth):
require "uri" require "net/https" require "time" require "rubygems" require "api_auth" # gem install api-auth MINGLE_URL = "https://your-org.mingle-api.thoughtworks.com/api/v2/projects.xml" access_key_id = "your_username" secret_access_key = "???????????????" uri = URI.parse(MINGLE_URL) http = Net::HTTP.new(uri.host, uri.port) http.use_ssl = true request = Net::HTTP::Get.new(uri.request_uri) ApiAuth.sign!(request, access_key_id, secret_access_key) response = http.request(request) puts response.body
You can also create Mingle API requests using HMAC without library support by following these directions:
Concatenate these four fields into a single string in this format: "[ContentType],[ContentMD5],[ResourceURI],[RequestDate]". For example: "application/xml,1B2M2Y8AsgTpgAmY7PhCfg==,/api/v2/projects/my_project/card/123.xml,Fri, 16 May 2014 03:29:56 GMT"