The current API uses
Base64-SHA256 Authentication
HTTP Header with combination of API UserID, API Password, TimeStamp and Secret
Key.
|
APIUserID |
This is the api_user you generated from VPCart API Manager. |
|
APIPassword |
This is the api_password you generated from VPCart API Manager. |
|
TimeStamp |
This the UNIX timestamp format and must be supplied. |
|
Secret Key |
This is the api_secretkey you generated from VPCart API Manager. |
You will first need
to do string combination of API UserID, API Password and
TimeStamp using : |==|
Example :
API
UserID =
"demouser"
API
Password =
"demopassword"
TimeStamp = “152142985”
String
combination =
“demouser|==|demopassword|==|152142985”
The string combination then must
be hashed using Base64-SHA256
encryption using your
Secret Key to generate APIHash.
The
APIHash value then to be put into the HTTP header of your
request.
Below is the Request Header definition:
|
Header name |
Value |
|
Content-Type |
application/json |
|
Accept |
application/json |
|
Request Method |
POST |
|
Charset |
UTF-8 |
|
APIUserID |
This is the api_user you generated from VPCart API Manager. |
|
APIHash |
Base64-SHA256 encryption of combination string APIUserID|==|APIPassword|==|TimeStamp using your Secret Key |
|
TimeStamp |
UNIX timestamp must be supplied. |
Authentication
Response
If success
and without any JSON String input, you should get JSON response eg.
{
"Code":"00",
"Message":"Success: Authentication"
}
If failure on
authentication, you should get JSON response eg.
{
"Code":"001",
"Message":"Error: Authentication fail - METHOD must be
POST"
}
Here
are the complete list of the authentication errors :
|
Response Code |
Response Message |
|
001 |
Error: Authentication fail - METHOD must be POST |
|
002 |
Error: Authentication fail - APIUserID is empty |
|
003 |
Error: Authentication fail - TimeStamp is empty |
|
004 |
Error: Authentication fail - APIHash is empty |
|
005 |
Error: Authentication fail - TimeStamp is invalid format, format expected is 1516005576 |
|
006 |
Error: Authentication fail - TimeStamp does not within the range. Only accepted 24 hours different from server time |
|
007 |
Error: Authentication fail - APIUserID not found |
|
008 |
Error: Authentication fail - APIHash not match |
Note: Developers can use a 3rd party
tool to find out the correct Base64-SHA256 encryption of the string combination.
Follow the below steps :
1. Please open the site https://hash.online-convert.com/sha256-generator
2.
Enter the text or string combination you want to convert to a Base64-SHA256
hash
3. Click Convert File button
4. Result: base64 is the one you should generate from your application.