External Authentication

Each API external request has to be authenticated and authorized by the key that will be provided to the partner by Saladin.

To connect to the API, simply add 3 parameters below to the header of any API

X-Sld-Timestamp

Request call time, in seconds

X-Sld-ClientKey

Client Key is issued to 3rd Party

X-Sld-Signature (param)

The signature is generated based on the request body

How to generate the signature

The Pseudocode to generate a "signature" is as follows

POST request

// request body
body = {
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
}

payload = timestamp + "." + client_key + "." + json_stringify(body)
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)

GET request

// request body
base_url = https://api.saladin.vn/vendor
location= Hanoi
order_id=88062110977884170
path = /order?location=url_encode(location)&order_id=url_encode(88062110977884170)
// path == /order?location=H%C3%A0+N%E1%BB%99i&order_id=88062110977884170

payload = timestamp + "." + client_key + "." + path
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)

Notes:

Var "path" used to generate a signature does not include the base URL.
The value of query parameters has to be encoded according to HTML 2.0 Specification RFC1866

PreviousBusiness Logic Handling

Last updated 1 year ago