API Document for Embedded Travel Insurance
  • Embedded Travel Insurance
    • User Journey Overview
      • Purchase Flow
      • Update Policy Flow
      • Claim Flow
    • API document
      • The older API versions
        • API V1
    • Business Logic Handling
  • External Authentication
Powered by GitBook
On this page

External Authentication

Each API external request has to be authenticated and authorized by the key that will be provided to the partner by Saladin.

To connect to the API, simply add 3 parameters below to the header of any API

X-Sld-Timestamp

Request call time, in seconds

X-Sld-ClientKey

Client Key is issued to 3rd Party

X-Sld-Signature (param)

The signature is generated based on the request body

How to generate the signature

The Pseudocode to generate a "signature" is as follows

POST request

// request body
body = {
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
}

payload = timestamp + "." + client_key + "." + json_stringify(body)
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)

GET request

// request body
base_url = https://api.saladin.vn/vendor
location= Hanoi
order_id=88062110977884170
path = /order?location=url_encode(location)&order_id=url_encode(88062110977884170)
// path == /order?location=H%C3%A0+N%E1%BB%99i&order_id=88062110977884170

payload = timestamp + "." + client_key + "." + path
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)

Notes:

  • Var "path" used to generate a signature does not include the base URL.

PreviousBusiness Logic Handling

Last updated 1 year ago

The value of query parameters has to be encoded according to HTML 2.0 Specification

RFC1866