# External Authentication

Each API external request has to be authenticated and authorized by the key that will be provided to the partner by Saladin.

To connect to the API, simply add 3 parameters below to the header of any API

| X-Sld-Timestamp         | Request call time, in seconds                        |
| ----------------------- | ---------------------------------------------------- |
| X-Sld-ClientKey         | Client Key is issued to 3rd Party                    |
| X-Sld-Signature (param) | The signature is generated based on the request body |

## How to generate the signature

The Pseudocode to generate a "signature" is as follows

#### POST request

```js
// request body
body = {
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
    "<field_name>": <field_value>,
}

payload = timestamp + "." + client_key + "." + json_stringify(body)
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)
```

#### GET request

```js
// request body
base_url = https://api.saladin.vn/vendor
location= Hanoi
order_id=88062110977884170
path = /order?location=url_encode(location)&order_id=url_encode(88062110977884170)
// path == /order?location=H%C3%A0+N%E1%BB%99i&order_id=88062110977884170

payload = timestamp + "." + client_key + "." + path
secret = "<client_secret>"
encoded_payload = base64_safeurl_encode_no_padding(payload)
signature = HMAC_SHA256(secret, encoded_payload)
```

Notes:

* Var "path" used to generate a signature does not include the base URL.
* The value of query parameters has to be encoded according to HTML 2.0 Specification [RFC1866](https://datatracker.ietf.org/doc/html/rfc3986)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://travelins.saladin.vn/external-authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.