Skip to main content

review attempt by HMAC

Review Exam Attempt By HMAC

  • Allows a user to review the exam he has attempted.
  • User would be redirected to testpress page where users can review the exam.
  • User can check the subject wise analytics / time analytics, correct and incorrect questions.
  • Comments/doubts can be posted by user to questions and can also see comments posted by peer students.

HTTP Request

GET /exams/attempts/?id=<id>&hmac=<hmac>&time=<time>

How to create HMAC

HMAC (Hash-based message authentication code) is used to avoid tampering during the request flow. We use a time based HMAC algorithm to limit the lifetime of the HMAC.

The HMAC is calculated using the following algorithm:

  • Get the values of 'email', 'first_name', 'institute_attempt_id', 'key', 'time'
  • Percentage encode the values
  • time will be time since epoch in seconds
  • Create a string by appending the above percentage encoded values using | pipe character. Maintain the same order while appending (uses alphabetical order of the keys)
  • Calculate the HMAC using HMAC-SHA256 with the secret
  • Secret can be received from the admin dashboard

message = id|institute_attempt_id|key|time, message, hashlib.sha256).hexdigest()

idstringAttempt ID provided by testpress
institute_attempt_idstring Institute's attempy Id
keystringPublic institute key provided by Testpress to identify the Institute
timestringTime since epoch used during the HMAC creation
hmacstringHMAC generated using the below algorithm