You can find your API Key and Shared_SECRET in your Apliiq account under your
stores page. You will need to add a custom store to your account to create an API Key and Shared_Secret.
Apliiq's API utilizes HMAC for it's authentication, which requires both the sender & recipient have the same APP_ID/SHARED_SECRET. This ensures that your orders can't be stolen, replayed, or tampered with. These credentials can be found in the Stores section of your Apliiq account, there you can view/reset the credentials for each of your Apliiq custom stores.
DISCLAIMER: These credentials should NOT be shared with 3rd parties, and should remain on the backend of your websites server code.
Before the request is sent, we need to gather our authentication variables.
Once we've gathered the necessary authentication variables, we can format our 'POST' request headers:
{"Authorization": "x-apliiq-auth "+RTS:SIG:APPID:STATE, "Accept": "application/json"}
It's your responsibility to ensure the security of your Shared_SECRET. Do not give your Shared_SECRET to 3rd parties, anyone who has access to this information can use the API to access your account. If you feel this information has become compromised, you can reset your API key and Shared_Secret by going to your custom store and resetting your credentials.
/// set up the authentication request
/// </summary>
/// <param name="json">request body serialize into json</param>
/// <returns></returns>
private HttpClient requestSetup(string json)
{
TimeSpan span = DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0));
ulong requestTimeStamp = Convert.ToUInt64(span.TotalSeconds);
string APPId = [YOUR_APP_ID]
, secretKey = [YOUR_APP_SECRET]
, nonce = Guid.NewGuid().ToString().ToLower().Replace("-", "")
, requestContentBase64String = json.ToBase64();
string data = String.Format("{0}{1}{2}{3}", APPId, requestTimeStamp, nonce, requestContentBase64String);
string signature = data.Base64_HmacSha256HexDigest(secretKey);
client.DefaultRequestHeaders.Add("Accept", "application/json");
client.DefaultRequestHeaders.Add("Authorization", string.Format("x-apliiq-auth {0}:{1}:{2}:{3}", requestTimeStamp, signature, APPId, nonce));
return client;
}