Partner Authentication


Short description

Partner Authentication allows PTV xServer to be restricted for specific applications. It is based on the well-known Google Authenticator (which relies on RFC4226).


Partner Authentication is used for other PTV Products where PTV xServer is supplied as a sub-component. But it can also be used in customer projects where it must be ensured that only authorized applications have access to PTV xServer.

Detailed Consideration

How it works

For Partner Authentication the client and PTV xServer share a secret key. The client uses the key and the current time to calculate a One-Time Password which is then added to the HTTP header 'PARTNER_AUTHENTICATION' of a request. PTV xServer verifies this password before it calculates the request. If the password is not valid the request is rejected with an exception. The algorithm requires that the clocks of the client and the server are roughly synchronized because the passwords change in 30-second intervals. The figure below illustrates these steps.

Partner authentication steps

Set up Partner Authentication

Partner Authentication is set up by using a dedicated license. So please contact your PTV representative to obtain a license with activated Partner Authentication. With this license you will also receive the shared secret which is needed to authorize your client application.

Use Partner Authentication with C# clients

To calculate the current One-Time Password C# clients can use this NuGet library
using TwoStepsAuthenticator;
string secret = "TheSecretKey";
TimeAuthenticator authenticator = new TimeAuthenticator();
string code = authenticator.GetCode(secret);

Use Partner Authentication with Java clients

Java developers can use the GoogleAuth library for calculating One-Time Passwords:

import com.warrenstrange.googleauth.GoogleAuthenticator;
String secret = "TheSecretKey";
GoogleAuthenticator googleAuthenticator = new GoogleAuthenticator();
String oneTimePassword = Integer.toString(googleAuthenticator.getTotpPassword(secret));

Authentication in Raw Request Runner

You can use Google's Authenticator (available for Android and iOS) to create passwords for executing requests in the Raw Request Runner. Just add a new account in the Authenticator app and enter your xServer secret. Then open the Raw Request Runner and click the envelope icon to open up the HTTP header editor window. Then type in 'PARTNER_AUTHENTICATION:' and the current password from the authenticator app. Now you can execute the request!

Highlighted Screenshot | Authentication in Raw Request Runner

Good to know


xRuntime.*, xData.listHighPerformanceRoutingNetworks, xData.listContentSnapshots and xDima.listDistanceMatrices are not restricted by a partner license.

Developer's GuideHTTP Requests