{"_id":"54cc2149380ecd0d00ca18c2","parentDoc":null,"__v":2,"user":"5436a1afb7cf0e1c0020d9ca","version":{"_id":"54cc2148380ecd0d00ca18aa","__v":2,"forked_from":"5436a1e1d0ffee0e00f18f8f","project":"5436a1e1d0ffee0e00f18f8c","createdAt":"2015-01-31T00:26:48.753Z","releaseDate":"2015-01-31T00:26:48.753Z","categories":["54cc2149380ecd0d00ca18ab","54cc2149380ecd0d00ca18ac","54cc2149380ecd0d00ca18ad","54cc2149380ecd0d00ca18ae","54cc2149380ecd0d00ca18af","54cc2149380ecd0d00ca18b0","54cc2149380ecd0d00ca18b1","54cc2149380ecd0d00ca18b2","54cc2149380ecd0d00ca18b3","552f29ca633a5b0d00e99d09"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.1.0","version":"1.1"},"project":"5436a1e1d0ffee0e00f18f8c","category":{"_id":"54cc2149380ecd0d00ca18b2","project":"5436a1e1d0ffee0e00f18f8c","__v":2,"version":"54cc2148380ecd0d00ca18aa","pages":["54cc2149380ecd0d00ca18bc","54cc2149380ecd0d00ca18bd","54cc2149380ecd0d00ca18be","54cc2149380ecd0d00ca18bf","54cc2149380ecd0d00ca18c0","54cc2149380ecd0d00ca18c1","54cc2149380ecd0d00ca18c2","55cbcc534cf2180d00bb1bf4"],"sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-10-30T14:26:30.616Z","from_sync":false,"order":7,"slug":"php-client","title":"PHP client"},"updates":["579251a808d7110e0085f6a4"],"next":{"pages":[],"description":""},"createdAt":"2014-10-30T14:31:33.934Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"results":{"codes":[]},"settings":"","auth":"never","params":[],"url":""},"isReference":false,"order":6,"body":"The ShippingEasy API will hit a callback URL when an order, or a part of an order, has been shipped. The request to the callback URL will be also signed with the same shared secret found in the store's API settings.\n\nThis PHP library provides an Authenticator to handle verifying the signed request from ShippingEasy. Here's an example of how to use it (after you configured the libaray with your credentials in the step above):\n[block:code]\n{\n  \"codes\": [\n    {\n      \"code\": \"<?php\\n$json = file_get_contents('php://input');\\n$json_payload = json_decode($json);\\n$authenticator = new ShippingEasy_Authenticator(\\\"post\\\", \\\"/callback\\\", $_REQUEST, $json);\\n$authenticator.isAuthenticated(); # returns true or false\",\n      \"language\": \"php\"\n    }\n  ]\n}\n[/block]\nThe arguments for the constructor are as follows:\n\n* **http_method** - The method of the http request. E.g. \"post\" or \"get\".\n* **path** - The path of the request's uri. E.g. \"/orders/callback\"\n* **params** - An associative array of the request's query string parameters. E.g. array(\"api_signature\" => \"asdsadsad\", \"api_timestamp\" => \"1234567899\")\n* **json** - The request body as a JSON string (_not_ the PHP equivalent).\n* **api_secret** - Optional. The ShippingEasy API secret for the customer account. Defaults to the global configuration if set.","excerpt":"","slug":"php-callback-authentication","type":"basic","title":"Callback authentication"}

Callback authentication


The ShippingEasy API will hit a callback URL when an order, or a part of an order, has been shipped. The request to the callback URL will be also signed with the same shared secret found in the store's API settings. This PHP library provides an Authenticator to handle verifying the signed request from ShippingEasy. Here's an example of how to use it (after you configured the libaray with your credentials in the step above): [block:code] { "codes": [ { "code": "<?php\n$json = file_get_contents('php://input');\n$json_payload = json_decode($json);\n$authenticator = new ShippingEasy_Authenticator(\"post\", \"/callback\", $_REQUEST, $json);\n$authenticator.isAuthenticated(); # returns true or false", "language": "php" } ] } [/block] The arguments for the constructor are as follows: * **http_method** - The method of the http request. E.g. "post" or "get". * **path** - The path of the request's uri. E.g. "/orders/callback" * **params** - An associative array of the request's query string parameters. E.g. array("api_signature" => "asdsadsad", "api_timestamp" => "1234567899") * **json** - The request body as a JSON string (_not_ the PHP equivalent). * **api_secret** - Optional. The ShippingEasy API secret for the customer account. Defaults to the global configuration if set.