VGcG8uUx

1DITTO iOS Engineer Evaluation
2======
3
4This programming challenge is used to evaluate engineering candidates. It is designed to take two hours to complete. The overall goal is to present a UIViewController, then asynchronously (without blocking the UI) connect to a DITTO secure server and retrieve an image, and display the image. 
5
6In order to connect to the DITTO servers our auth protocol must be implemented. See section *Implementing Auth* below. After auth signatures are successfully generated the code should utilize our REST API for image retrieval. See section *Retrieving TryOn’s From DITTO Servers* below.
7
8To assist in the evaluation the following information should be used:
9* `tryon_id` = `user_ping_test`
10* `partner_id` = `playground`
11* `product_id` = `glasses_ping_test`
12* `host_name` = `vto-sandbox.playground.api.ditto.com`
13* `access_key_id` = `346e23a38acb8560`
14* `secret_key` = `55d318cb741920e17957d4b8cc06422bcda912303455f15e21946ba6f0b24b8ab326ff2187b34de81128be5e09d5949248cf781ae0a0232c853cc37f816de001`
15
16#### Step 1: Implement Auth
17
18DITTO Authentication and Authorization protocol utilizes a HMAC-SHA-512 hash generated with a message that contains a timestamp for time limited signature. The steps to generate the signature are below:
191. `timestamp`: 
20The timestamp is seconds since unix utc epoch or the seconds since January 1, 1970 at 00:00:00 UTC
212. `message`: 
22The message should be a combination of `tryon_id` and the `timestamp` combined with a `.` as a separator. E.g. `tryon_id.1232345234`.
233. `hash`: 
24A HMAC-SHA-512 hash is generated by using both the `message` and a secret key. The `secret_key` is a hex string and must be converted to the binary data it represents in order to be used by HMAC-SHA-512 algorithm. The resulting hash must then be converted into a _URL safe base64 string_ with the padding `=` at the end be removed.
254. Signature: 
26The `signature` is a string combining the `message` and `hash` with `.` as a separator. E.g. `tryon_id.1232345234.hash`
275. Request Headers:
28All the future REST calls require the auth `signature` and `access_key_id` be passed in via the headers of the request as shown below:
29> X-Ditto-Access-Key-Id: `access_key_id`
30> X-Ditto-Signature: `signature`
316. (Hint: import CommonCrypto)
32
33NOTE: If you are testing the api without re-computing the hash every time, the signature will only be considered valid within half an hour of the timestamp.
34
35#### Step 2: Retrieving TryOn’s From DITTO Servers
36
37DITTO's TryOns are split into individual frames similar to how a video has individual frames. The server is capable of detecting the frame where the user looked directly at the camera. This frame is called the frontal frame. In order to render the frontal frame, the frame number must be requested and parsed from the JSON returned during the HTTP GET request on the `dittos` endpoint:
38> https://`host_name`/api/1.3/dittos/`tryon_id`
39
40Once a frontal frame number is determined a REST GET call to strip can be made to render glasses onto the TryOn frame into an image at 
41> https://`host_name`/api/1.3/dittos/`tryon_id`/strip/?product_id=`product_id`&frames=`frame_num`
42
43#### Step 3: Submitting Your Work
44
45To finish this test please reply to the email with the code / Xcode project you used, and following questions answered:
46
47* What was in the image? (Or just attach it to the email)
48
49#### Bonus 
50
51Our servers can put many different glasses on dittos. Try utilizing our `products` endpoint to see what other glasses are available to render, then present those together in a collection view in the view controller.
52> https://`host_name`/api/1.3/products/ 
53
54 To access the `products` endpoint, you need to create a new msg, signature and header. Follow [Step 1], with a small change, replace tryon_id with partner_id. 
55
56#### Bonus Bonus
57
58Write some code to compute a "histogram" of the approximate RGB color values for all the pixels in the image and present the result.