{"_id":"54cc2149380ecd0d00ca18b7","__v":0,"parentDoc":null,"version":{"_id":"54cc2148380ecd0d00ca18aa","__v":2,"forked_from":"5436a1e1d0ffee0e00f18f8f","project":"5436a1e1d0ffee0e00f18f8c","createdAt":"2015-01-31T00:26:48.753Z","releaseDate":"2015-01-31T00:26:48.753Z","categories":["54cc2149380ecd0d00ca18ab","54cc2149380ecd0d00ca18ac","54cc2149380ecd0d00ca18ad","54cc2149380ecd0d00ca18ae","54cc2149380ecd0d00ca18af","54cc2149380ecd0d00ca18b0","54cc2149380ecd0d00ca18b1","54cc2149380ecd0d00ca18b2","54cc2149380ecd0d00ca18b3","552f29ca633a5b0d00e99d09"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.1.0","version":"1.1"},"project":"5436a1e1d0ffee0e00f18f8c","category":{"_id":"54cc2149380ecd0d00ca18ab","__v":1,"project":"5436a1e1d0ffee0e00f18f8c","version":"54cc2148380ecd0d00ca18aa","pages":["54cc2149380ecd0d00ca18b4","54cc2149380ecd0d00ca18b5","54cc2149380ecd0d00ca18b6","54cc2149380ecd0d00ca18b7"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-10-09T14:55:29.547Z","from_sync":false,"order":0,"slug":"documentation","title":"Documentation"},"user":"5436a1afb7cf0e1c0020d9ca","updates":["54400f868b86280800497c99"],"next":{"pages":[],"description":""},"createdAt":"2014-10-09T15:33:11.279Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"auth":"never","params":[],"url":""},"isReference":false,"order":3,"body":"API authentication is handled by signing each request using your public API key and private API secret (found here https://app.shippingeasy.com/settings/api_credentials). Authentication for the partner API also requires signing the request, instead using your ShippingEasy-issued partner API key and secret. \n[block:api-header]\n{\n  \"type\": \"basic\",\n  \"title\": \"How to calculate a signature\"\n}\n[/block]\nFirst, concatenate these into a plaintext string using the following order:\n\n1. Capitilized method of the request. E.g. \"POST\"\n2. The URI path\n3. The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ\n4. The request body as a string if one exists\n5. All parts are then concatenated together with an ampersand. The result resembles something like this:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"\\\"POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{\\\"{\\\\\\\"account\\\\\\\":{\\\\\\\"first_name\\\\\\\":\\\\\\\"Coralie\\\\\\\",\\\\\\\"last_name\\\\\\\":\\\\\\\"Waelchi\\\\\\\",\\\\\\\"company_name\\\\\\\":\\\\\\\"Hegmann, Cremin and Bradtke\\\\\\\",\\\\\\\"email\\\\\\\":\\\\\\\"se_greg_6d477b1e59e8ff24abadfb59d3a2de3e:::at:::shippingeasy.com\\\\\\\",\\\\\\\"phone_number\\\\\\\":\\\\\\\"1-381-014-3358\\\\\\\",\\\\\\\"address\\\\\\\":\\\\\\\"2476 Flo Inlet\\\\\\\",\\\\\\\"address2\\\\\\\":\\\\\\\"\\\\\\\",\\\\\\\"state\\\\\\\":\\\\\\\"SC\\\\\\\",\\\\\\\"city\\\\\\\":\\\\\\\"North Dennis\\\\\\\",\\\\\\\"postal_code\\\\\\\":\\\\\\\"29805\\\\\\\",\\\\\\\"country\\\\\\\":\\\\\\\"USA\\\\\\\",\\\\\\\"password\\\\\\\":\\\\\\\"abc123\\\\\\\",\\\\\\\"subscription_plan_code\\\\\\\":\\\\\\\"starter\\\\\\\"}}\\\"\",\n      \"language\": \"text\",\n      \"name\": \"API Signature String\"\n    }\n  ]\n}\n[/block]\nSecondly, using your Partner API secret encrypt the string using HMAC sha256. In ruby, it looks like this:\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"OpenSSL::HMAC::hexdigest(\\\"sha256\\\", api_secret, \\\"POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{\\\"{\\\\\\\"account\\\\\\\":{\\\\\\\"first_name\\\\\\\":\\\\\\\"Coralie\\\\\\\",\\\\\\\"last_name\\\\\\\":\\\\\\\"Waelchi\\\\\\\",\\\\\\\"company_name\\\\\\\":\\\\\\\"Hegmann, Cremin and Bradtke\\\\\\\",\\\\\\\"email\\\\\\\":\\\\\\\"se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com\\\\\\\",\\\\\\\"phone_number\\\\\\\":\\\\\\\"1-381-014-3358\\\\\\\",\\\\\\\"address\\\\\\\":\\\\\\\"2476 Flo Inlet\\\\\\\",\\\\\\\"address2\\\\\\\":\\\\\\\"\\\\\\\",\\\\\\\"state\\\\\\\":\\\\\\\"SC\\\\\\\",\\\\\\\"city\\\\\\\":\\\\\\\"North Dennis\\\\\\\",\\\\\\\"postal_code\\\\\\\":\\\\\\\"29805\\\\\\\",\\\\\\\"country\\\\\\\":\\\\\\\"USA\\\\\\\",\\\\\\\"password\\\\\\\":\\\\\\\"abc123\\\\\\\",\\\\\\\"subscription_plan_code\\\\\\\":\\\\\\\"starter\\\\\\\"}}\\\")\",\n      \"language\": \"ruby\",\n      \"name\": \"Calculating the API signature in Ruby\"\n    }\n  ]\n}\n[/block]\n\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"API Timestamp\",\n  \"body\": \"You must include an API timestamp in your requests. The timestamp should be an integer representation of the current time (also known as Unix epoch time).\"\n}\n[/block]","excerpt":"","slug":"authentication-signing-requests","type":"basic","title":"Authentication"}
API authentication is handled by signing each request using your public API key and private API secret (found here https://app.shippingeasy.com/settings/api_credentials). Authentication for the partner API also requires signing the request, instead using your ShippingEasy-issued partner API key and secret. [block:api-header] { "type": "basic", "title": "How to calculate a signature" } [/block] First, concatenate these into a plaintext string using the following order: 1. Capitilized method of the request. E.g. "POST" 2. The URI path 3. The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ 4. The request body as a string if one exists 5. All parts are then concatenated together with an ampersand. The result resembles something like this: [block:code] { "codes": [ { "code": "\"POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{\"{\\\"account\\\":{\\\"first_name\\\":\\\"Coralie\\\",\\\"last_name\\\":\\\"Waelchi\\\",\\\"company_name\\\":\\\"Hegmann, Cremin and Bradtke\\\",\\\"email\\\":\\\"se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com\\\",\\\"phone_number\\\":\\\"1-381-014-3358\\\",\\\"address\\\":\\\"2476 Flo Inlet\\\",\\\"address2\\\":\\\"\\\",\\\"state\\\":\\\"SC\\\",\\\"city\\\":\\\"North Dennis\\\",\\\"postal_code\\\":\\\"29805\\\",\\\"country\\\":\\\"USA\\\",\\\"password\\\":\\\"abc123\\\",\\\"subscription_plan_code\\\":\\\"starter\\\"}}\"", "language": "text", "name": "API Signature String" } ] } [/block] Secondly, using your Partner API secret encrypt the string using HMAC sha256. In ruby, it looks like this: [block:code] { "codes": [ { "code": "OpenSSL::HMAC::hexdigest(\"sha256\", api_secret, \"POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{\"{\\\"account\\\":{\\\"first_name\\\":\\\"Coralie\\\",\\\"last_name\\\":\\\"Waelchi\\\",\\\"company_name\\\":\\\"Hegmann, Cremin and Bradtke\\\",\\\"email\\\":\\\"se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com\\\",\\\"phone_number\\\":\\\"1-381-014-3358\\\",\\\"address\\\":\\\"2476 Flo Inlet\\\",\\\"address2\\\":\\\"\\\",\\\"state\\\":\\\"SC\\\",\\\"city\\\":\\\"North Dennis\\\",\\\"postal_code\\\":\\\"29805\\\",\\\"country\\\":\\\"USA\\\",\\\"password\\\":\\\"abc123\\\",\\\"subscription_plan_code\\\":\\\"starter\\\"}}\")", "language": "ruby", "name": "Calculating the API signature in Ruby" } ] } [/block] [block:callout] { "type": "info", "title": "API Timestamp", "body": "You must include an API timestamp in your requests. The timestamp should be an integer representation of the current time (also known as Unix epoch time)." } [/block]