Authentication
Authentication
Using API Key and Shared_SECRET provided to create hmac signature authentication header.
You can find your API Key and Shared_SECRET in your Apliiq account under your stores page. You will need to add a custom store to your account to create an API Key and Shared_Secret.
Apliiq's API utilizes HMAC for it's authentication, which requires both the sender & recipient have the same APP_ID/SHARED_SECRET. This ensures that your orders can't be stolen, replayed, or tampered with. These credentials can be found in the Stores section of your Apliiq account, there you can view/reset the credentials for each of your Apliiq custom stores.
DISCLAIMER: These credentials should NOT be shared with 3rd parties, and should remain on the backend of your websites server code.
Before the request is sent, we need to gather our authentication variables.
Once we've gathered the necessary authentication variables, we can format our 'POST' request headers:
{"Authorization": "x-apliiq-auth "+RTS:SIG:APPID:STATE, "Accept": "application/json"}
RTS - Request time stamp is calculated using UNIX time (number of seconds since Jan. 1st 1970)
SIG - Signature is calculated with following algorithm :
base64_encode(HMACSHA265([APPId][RTS][STATE][Base64_ReqContentIFanyOREmptyString], Shared_SECRET))
APPID - app key
STATE - Random unique string (nonce)
* DO NOT INCLUDE YOUR SHARED SECRET IN ANY REQUESTS *
Error Codes
401 - Unauthorized
Security
It's your responsibility to ensure the security of your Shared_SECRET. Do not give your Shared_SECRET to 3rd parties, anyone who has access to this information can use the API to access your account. If you feel this information has become compromised, you can reset your API key and Shared_Secret by going to your custom store and resetting your credentials.
Code sample:
/******** C#.NET : setting up auth request *****************/
/*** NOTE ***/
Base64 extension method is using UTF8Encoding
HMAC digest should return a base64 of the hash value
/***************/
/// <summary>
/// set up the authentication request
/// </summary>
/// <param name="json">request body serialize into json</param>
/// <returns></returns>
private HttpClient requestSetup(string json)
{
TimeSpan span = DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0));
ulong requestTimeStamp = Convert.ToUInt64(span.TotalSeconds);
string APPId = [YOUR_APP_ID]
, secretKey = [YOUR_APP_SECRET]
, nonce = Guid.NewGuid().ToString().ToLower().Replace("-", "")
, requestContentBase64String = json.ToBase64();
string data = String.Format("{0}{1}{2}{3}", APPId, requestTimeStamp, nonce, requestContentBase64String);
string signature = data.Base64_HmacSha256HexDigest(secretKey);
HttpClient client = new HttpClient { BaseAddress = new Uri("https://api.apliiq.com") };
client.DefaultRequestHeaders.Add("Accept", "application/json");
client.DefaultRequestHeaders.Add("Authorization", string.Format("x-apliiq-auth {0}:{1}:{2}:{3}", requestTimeStamp, signature, APPId, nonce));
return client;
}
Related Articles
WooCommerce Order Statuses
WooCommerce Order Statuses and Troubleshooting Possible 'Missing' Orders If you are experiencing issues with orders placed in your WooCommerce store not being properly communicated to your Apliiq account, there could be a very simple explanation for ...Create Order
Introduction Create an order Overview This API enable you to send order to Apliiq. Authentication using API Key and Shared_SECRET provided to create hmac signature authentication header authorization schema x-apliiq-auth header authorization value ...Apliiq x WooCommerce x SiteGround Installation Guide
Thank you for picking Apliiq, WooCommerce, and Siteground as your partners in your clothing line! We are excited to begin working with you to get your store up and running. As you are probably aware, selling your clothing brand directly to consumers ...