Code Samples
Tools
JavaScript SDK
Hunch JavaScript SDK - The JavaScript SDK enables you to access all of the features of the Hunch API via JavaScript.
The best way to load the SDK on your site is asynchronously so it does not block other loading elements on your page
<div id="hn-root"></div>
<script>
window.hnAsyncInit = function() {
Hunch.setAuthToken('your-auth-token');
};
(function() {
var e = document.createElement('script'); e.async = true;
e.src = 'http://hunch.com/media/js/hunch-api.js';
document.getElementById('hn-root').appendChild(e);
}());
</script>
Sample Apps
Hunch Sample Application - A starting point for developers who want to build applications using the Hunch API. Available via GitHub.
Hunch Gift Application - An example of what can be built using the Hunch API. The code is almost identical to that powering Hunch Gift-o-Matic. Available via GitHub.
Authentication
Signing requests
Requests that perform actions on behalf of an application must be signed with an auth_sig to prove that the request originated from your application. The process of signing a request can be found here. Code examples follow.
Python
Signing is easily accomplished in Python, using the builtin hashlib and urllib libraries:
import hashlib, urllib
def sign_request(query_dict):
queries = sorted( (unicode(k).encode('utf-8'), unicode(v).encode('utf-8'))
for k,v in query_dict.iteritems() )
data = urllib.urlencode(queries) + APP_SECRET
return hashlib.sha1(data).hexdigest()
Ruby
require 'uri'
require 'digest/sha1'
def enc(string)
return string.gsub(/%20/,'+').gsub(/[+\/@]/,'+' => '%2B', '/' => '%2F', '@' => '%4O')
end
def get_auth_sig(url, app_secret)
params = {}
URI.parse(url).query.split('&').each do |part|
if name = part.split('=')[0] and val = part.split('=')[1]
params[name] = val
else
params[name] = ''
end
end
canonical = ''
params.sort.each do |key,val|
canonical += key + '=' + enc(val.encode('utf-8')) + '&'
end
#this removes the trailing &
canonical = canonical[0,canonical.size-1]
string_to_sign = enc(canonical) + app_secret
return Digest::SHA1.hexdigest(string_to_sign)
end
PHP
function enc($c) {
$c = str_replace(array('+', '/', '@', '%20'), array('%2B', '%2F', '%40', '+'), $c);
return $c;
}
function signUrl($url, $secret_key)
{
$original_url = $url;
$urlparts = parse_url($url);
// Build $params with each name/value pair
foreach (split('&', $urlparts['query']) as $part) {
if (strpos($part, '=')) {
list($name, $value) = split('=', $part, 2);
} else {
$name = $part;
$value = '';
}
$params[$name] = $value;
}
// Sort the array by key
ksort($params);
// Build the canonical query string
$canonical = '';
foreach ($params as $key => $val) {
$canonical .= "$key=".enc(utf8_encode($val))."&";
}
// Remove the trailing ampersand
$canonical = preg_replace("/&$/", '', $canonical);
// Build the sign
$string_to_sign = enc($canonical) . $secret_key;
// Calculate our actual signature and base64 encode it
$signature = bin2hex(hash('sha1', $string_to_sign, $secret_key));
// Finally re-build the URL with the proper string and include the Signature
$url = "{$urlparts['scheme']}://{$urlparts['host']}{$urlparts['path']}?$canonical&auth_sig=".rawurlencode($signature);
return $url;
}
Javascript
You shouldn't use client-side Javascript for signing, because it compromises your app secret. So use the following code for testing only. It requires a SHA-1 library, such as this one.
function urlencode(x) {
return escape(x).replace('+','%2B').replace('/','%2F').replace('@','%40').replace('%20','+');
}
function getAuthSig(queryDict) {
var keys = [];
for (var key in queryDict)
keys.push(key);
keys.sort();
var queries = [];
for (var i in keys)
queries.push( urlencode(keys[i]) + '=' + urlencode(queryDict[keys[i]]) );
var data = queries.join('&') + APP_SECRET;
return SHA1(data);
}