Apliiq API Authentication Guide: Secure Access Using HMAC

Authentication

Use the API Key and Shared_SECRET provided to create the HMAC signature for the authentication header.


You can find your API Key and Shared_SECRET in your Apliiq account under your stores page.  You will need to add a custom store to your account to create an API Key and Shared_Secret.

Apliiq's API uses HMAC for its authentication, which requires that both the sender and the recipient have the same APP_ID/SHARED_SECRET. This ensures that your orders can't be stolen, replayed, or tampered with. These credentials can be found in the Stores section of your Apliiq account, where you can view or reset the credentials for each of your Apliiq custom stores (how to set up).

API key option on store page


DISCLAIMER: These credentials should NOT be shared with 3rd parties, and should remain in the backend of your website's server code.

Before the request is sent, we need to gather our authentication variables.

Once we've gathered the necessary authentication variables, we can format our 'POST' request headers:

{"Authorization": "x-apliiq-auth " + RTS + ":" + SIG + ":" + APPID + ":" + STATE, "Accept": "application/json"}


RTS - Request time stamp is calculated using UNIX time (number of seconds since Jan. 1st 1970)

SIG - Signature is calculated with the following algorithm:

base64_encode(HMACSHA256([APPId][RTS][STATE][Base64_ReqContentIFanyOREmptyString], Shared_SECRET))

APPID - app key

STATE - Random unique string (nonce)

* DO NOT INCLUDE YOUR SHARED SECRET IN ANY REQUESTS *


Error Codes

401 - Unauthorized

Security

It's your responsibility to ensure the security of your Shared_SECRET. Do not give your Shared_SECRET to 3rd parties; anyone who has access to this information can use the API to access your account. If you feel this information has become compromised, you can reset your API key and Shared_Secret by going to your custom store and resetting your credentials.

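Code sample:
/******** C#.NET : setting up auth request *****************/
// Namespaces used by this sample
using System;
using System.Net.Http;
using System.Text;
/*** NOTE ***/
// The Base64 extension method uses UTF8Encoding.
// Extension methods must be declared inside a static class.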
public static string ToBase64(this string source){

    UTF8Encoding encoding = new UTF8Encoding();
    byte[] hashsource = encoding.GetBytes(source);
    return Convert.ToBase64String(hashsource);

}
// Base64_HmacSha256HexDigest (called below, not shown on this page) is the HMAC digest helper;
// it should return a base64 of the hash value.
/***************/
/// <summary>
/// set up the authentication request
/// </summary>
/// <param name="json">request body serialize into json</param>
/// <returns></returns>
private HttpClient requestSetup(string json)
{
    TimeSpan span = DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1, 0, 0, 0));

    ulong requestTimeStamp = Convert.ToUInt64(span.TotalSeconds);

    string APPId = "YOUR_APP_ID"            // replace with your API Key
        , secretKey = "YOUR_APP_SECRET"     // replace with your Shared_SECRET; it is never sent in the request
        , nonce = Guid.NewGuid().ToString().ToLower().Replace("-", "")
        , requestContentBase64String = json.ToBase64();

    string data = String.Format("{0}{1}{2}{3}", APPId, requestTimeStamp, nonce, requestContentBase64String);

    string signature = data.Base64_HmacSha256HexDigest(secretKey);

    HttpClient client = new HttpClient { BaseAddress = new Uri("https://api.apliiq.com") };
    client.DefaultRequestHeaders.Add("Accept", "application/json");
    client.DefaultRequestHeaders.Add("Authorization", string.Format("x-apliiq-auth {0}:{1}:{2}:{3}", requestTimeStamp, signature, APPId, nonce));

    return client;
}
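
The signing rule above and the claim that requests can't be replayed or tampered with, as an added Python example (not Apliiq's code and not part of the original article): it builds the header and runs a hypothetical receiver-side check against it. Assumptions: SIG is Base64 over the raw HMAC-SHA256 bytes with a UTF-8 key (the digest helper in the C# sample is not shown, so confirm the exact digest encoding against a known-good request), a 300-second timestamp window, an in-memory nonce set, and constructed credentials.

```python
import base64, hashlib, hmac, secrets, time

def sign(app_id, secret, rts, state, body):
    # base64(HMACSHA256(APPID + RTS + STATE + base64(body or ""), Shared_SECRET))
    body_b64 = base64.b64encode(body.encode("utf-8")).decode("ascii")
    msg = f"{app_id}{rts}{state}{body_b64}".encode("utf-8")
    # Assumption: UTF-8 key, Base64 taken over the raw 32-byte digest.
    mac = hmac.new(secret.encode("utf-8"), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")

def build_headers(app_id, secret, body, now=None, state=None):
    rts = int(time.time() if now is None else now)   # RTS: UNIX seconds
    state = state or secrets.token_hex(16)           # STATE: fresh nonce
    sig = sign(app_id, secret, rts, state, body)
    return {"Authorization": f"x-apliiq-auth {rts}:{sig}:{app_id}:{state}",
            "Accept": "application/json"}

def verify(headers, body, secret, seen, now, max_skew=300):
    # Hypothetical receiver: max_skew and the `seen` nonce set are assumptions.
    scheme, _, value = headers.get("Authorization", "").partition(" ")
    parts = value.split(":")
    if scheme != "x-apliiq-auth" or len(parts) != 4:
        return "malformed"
    rts, sig, app_id, state = parts
    if not rts.isdigit() or abs(now - int(rts)) > max_skew:
        return "stale"                               # old capture rejected
    expected = sign(app_id, secret, int(rts), state, body)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "bad-signature"                       # body or header altered
    if (app_id, state) in seen:
        return "replay"                              # nonce already used
    seen.add((app_id, state))                        # record only after auth
    return "ok"

if __name__ == "__main__":
    # Constructed credentials and body, not real Apliiq values.
    app_id, secret, body = "demo-app-id", "demo-shared-secret", '{"demo": 1}'
    seen, t0 = set(), 1700000000
    h = build_headers(app_id, secret, body, now=t0)
    print(verify(h, body, secret, seen, now=t0 + 5))           # first delivery
    print(verify(h, body, secret, seen, now=t0 + 6))           # same request again
    print(verify(h, '{"demo": 2}', secret, seen, now=t0 + 7))  # altered body
    print(verify(h, body, secret, set(), now=t0 + 3600))       # resent an hour later
```

The nonce is recorded only after the signature verifies, so unauthenticated requests cannot fill the nonce store.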