We have automated pushes to our Alberta Rivers app, but are finding that the Master Secret shown within the Production app in UA is not the one that will actually work to initiate the pushes. The one that works is an older Master Secret that we cannot find in any config for any of our UA apps. Why does the Master Secret shown in UA not work? Is there some sort of encryption step we need to go through to extract the actual Master Secret?
Master Secret shown in UA app config is not the one that actually works within the API
Please sign in to leave a comment.
I'm seeing that there are two Production Alberta Rivers apps on your account. Is it possible that your automated pushes are using the incorrect App Key/Master Secret combination? You should not need to perform any kind of decryption of the keys in order to use them, unless your development team has explicitly encrypted the keys on your end.
No encryption on our end, and we ARE using the incorrect app key / master secret combination, but that is the only way we can push to our Production applications. We can get the pushes to go through using the app key from our combined Android / iOS Production app in UA, but only when used in combination with the OLD master secret that we can no longer see in our Production app. Using the new master secret - the one currently displayed in UA for that app - does not work.
Can you give us the first 5 characters of the App Keys that work(The "incorrect" ones), and the ones that do not?
Sure. The combination that works when sending pushes through our Production app is App Key starting "YYv81" and Master Secret starting "Q|5S[". When looking at the Production app in UA, I see the App Key starting "YYv81", but the Master Secret starting "Ny2PXb". This latter combination does not work.
Our App Keys and Secrets do not contain square brackets.
Your App Keys and Secrets do not ever change unless you request that due to a security incident. I do not believe this is the case with your account. Are you absolutely positive that you are not encoding the secret when sending API requests?
I would try sending a cURL request to a test device using the App Key and Master Secret that is in your dashboard, and letting us know if that works, rather than through your servers. It sounds likely that your server may be encoding the keys for security, but some additional testing will help find that out.
OK, we did some digging, and we've found the encryption that was causing this - you were correct in suggesting that that was probably the case. The encryption piece was developed originally with our alarms function a couple of years ago, and was missed in our troubleshooting of this issue. Thanks for helping us get to a resolution!
No problem, happy to help!