All requests sent to the API must include a signature and the account identifier to authenticate the request. So add the following headers to all requests:
| Header Name | Header Value |
| Authorization | Your account key |
| Mpowered-Signature | Calculated signature (see below) |
Your account key and your API secret key will be supplied directly to you.
Creating the Signature
- Create a string starting with the URL being called (excluding the domain, eg. if the GET request is to https://suppliermanagement.co.za/api/suppliers, then this value is "/api/suppliers")
- If the request is a POST, then append to the string from step 1 all of the parameters as follows:
- Ordered parameters by key
- Write out the parameters as key1=value1key2=value2, etc. without spaces or quotes.
- Eg. Parameters such as {"trading_name": "Joe's Widgets", "registration_number": 123} would result in a string registration_number=123trading_name=Joe's Widgets
- Encrypt this with HMAC using a SHA256, your private API secret key and the resulting string from step 2. Repeat this encryption a fixed number of times (a number that will be provided to you when you sign up).
- Base 64 encode the result and that is the signature
Implementations
Comments
0 comments
Please sign in to leave a comment.