1.3.10
OAS 3.1.0
Lastmily External API documentation
External API auth
API credentials
In order to send an authenticated request on our API, first, you must acquire
your $client_id
& $client_secret
Create the signature
Firstly, you have to acquire yous $client_id
.
Then you must acquire the current timestamp $current_timestamp
in unix epoch
format (this has to be sent on the headers also and must be exactly the same
value).
If the request has body you have to base64_encoded it into the $rawRequestBody
Finally, concatenate those elements as
$client_id + $current_timestamp [ + $rawRequestBody ]
into
the $stringToBeHashed
variable.
After that you must hash_hmac
with sha256
the $stringToBeHashed
given
your $client_secret
as the hash key
How to send the request
Request must have the following headers *
- Content-Type: application/json
- Authorization: Bearer
$client_id
- x-time:
$current_timestamp
- x-sign:
$currentSign
- Finally, when applicable, add the body as json
Example in PHP
<?php
# Help vars
$client_id = 'CLIENT_ID';
$client_secret = 'CLIENT_SECRET';
$current_timestamp = '1638355463';
// For the request body, if not `empty()` do the following
// when empty, do append nothing
$rawRequestBody = { 'id' => 4 }; //=> base64_encode($rawRequestBody) => RAW_BODY_BASE64_ENCODED
// Concatenation of parts
$stringToBeHashed = $client_id . $current_timestamp ;
// if body exist append it(for POST or PUT etc. append it like the example below)
$stringToBeHashed .= base64_encode($rawRequestBody);
$x_sign= hash_hmac('sha256', $stringToBeHashed, $client_secret);
// Example concatenated string:
//$stringToBeHashed = 'CLIENT_ID1638355463RAW_BODY_BASE64_ENCODED'; // => when body
//$stringToBeHashed = 'CLIENT_ID1638355463'; // => when no body
Example in JS (POSTMAN)
let moment = require('moment');
var timestamp = moment().unix();
//timestamp =1670416987
pm.environment.set('client_id','');
pm.environment.set('client_secret', '');
var bdenc= CryptoJS.enc.Utf8.parse(pm.request.body.raw);
var bdencStr= ''
if (pm.request.body.raw){
var bdenc= CryptoJS.enc.Utf8.parse(pm.request.body.raw);
console.log('NOT NULL');
bdencStr= CryptoJS.enc.Base64.stringify(bdenc);
}
var stringToBeHashed=(pm.environment.get('client_id')+timestamp+bdencStr);
var sha256 = CryptoJS.HmacSHA256(stringToBeHashed, pm.environment.get('client_secret')).toString(CryptoJS.enc.Hex);
console.log("timestamp: "+timestamp);
console.log("rawRequestBody___: " + bdencStr);
console.log("stringToBeHashed__: "+stringToBeHashed);
console.log("hash_hmac___: "+ sha256);
pm.environment.set('current_sign', sha256);
pm.request.headers.add({
key: 'x-time',
value: timestamp
});
pm.request.headers.add({
key: 'x-sign',
value: pm.environment.get('current_sign')
});
Example in .NET
public static (string, string) Get_x_time_x_sign() {
//unix epoch timestamp
string x_time = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString();
//string to be hashed
string string_to_be_hashed = string.Concat(client_id, x_time);
//use client secret as key
var keyByte = encoding.GetBytes(client_secret);
using (var hmacsha256 = new HMACSHA256(keyByte)) {
hmacsha256.ComputeHash(encoding.GetBytes(string_to_be_hashed));
byte[ ] bytes = hmacsha256.Hash;
//convert to string hex format
string x_sign = "";
for (int i = 0; i < bytes.Length; i++)
x_sign += bytes[ i ].ToString("X2");
return (x_time, x_sign.ToLower());
}
}
Example in Python
def get_headers(payload=None):
current_timestamp = str(int(time.time()))
client_id = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
client_secret = 'priv_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
string_to_be_hashed = client_id + current_timestamp
if payload:
base64_payload = base64.b64encode(json.dumps(payload).encode()).decode()
string_to_be_hashed += base64_payload
signature = hmac.new(client_secret.encode(), msg=string_to_be_hashed.encode(), digestmod=hashlib.sha256)
headers = {
'Content-Type': 'application/json',
'Authorization': f'Bearer {client_id}',
'x-time': current_timestamp,
'x-sign': signature.hexdigest()
}
return headers
Lastmily Production Host
Client Libraries