Developer Authentication

All API requests require authentication. Developers are issued an API key and a secret access key when they register with Peel. Developers must then digitally sign their requests using the following HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code). This authentication "signature" must be passed in the HTTP Authorization header. The following pseudo-grammar illustrates the construction of the HTTP Authorization header:

Authorization: "Peel" + " " + PeelAPIKey + ":" + Signature

Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( SecretAccessKey, StringToSign ) ) )

StringToSign = HTTP-Method + "\n" + Content-Type + "\n" + Date + "\n" + Resource

HTTP-Method = <HTTP method, e.g., "GET", "POST">

Content-Type = <Value of HTTP Content-Type header>

Date = <Value of HTTP Date header>

Resource = <HTTP-Path of request, e.g, "/tvdb/search/shows", etc.>

HMAC-SHA1 is an algorithm that takes two byte strings as input: a key and a message. Use your secret access key as the key and the UTF-8 encoding of the StringToSign as the message. The output of HMAC-SHA1 is also a byte string, called the digest. The Signature is constructed by Base64 encoding this digest.

If a parameter in StringToSign isn't available, e.g., Content-Type, then use a blank string ("").

Developer Sandbox Credentials & Endpoint

Here are the credentials and endpoint that a developer can use to experiment with Peel's Tune-in API:

Access key: 8d89e255456a45df90be94c680a89c17

Secret key: 3ba1ca087cc14cc7808f2987da3db9d0


Java SDK for Tune-in API

Tune-in SDK

Javadoc for Tune-in SDK

API Resources