The ShippingEasy API will hit your callback URL when an order, or a part of an order, has been shipped. The request to the callback URL will be also signed with the same shared secret found in the store's API settings. We highly recommend you verify the signature, to ensure the request is from ShippingEasy.
The package provides an Authenticator to handle verifying the signed request from ShippingEasy. Here's an example of how to use it:
string apiSecret = "850fd4e023478758360b0d1d1817448f0a57b3176be25ffe8a7cf2236eca9ec3";
var authenticator = new ShippingEasy.Authenticator(apiSecret);
bool verified = authenticator.Verify("POST", "/callback", "", "{\"shipment\":{\"id\":\"1234\"}}");
The arguments for the method are:
- httpMethod - The HTTP method used for the request. Can usually be retrieved from System.Web.HttpContext.Current.Request.HttpMethod
- path - The path without querystring for the request. Can usually be retrieved from Request.Path
- queryString - The querystring for the request. Can usually be retrieved from Request.QueryString.ToString() or Request.ServerVariables["QUERY_STRING"]
- requestBody - The payload posted to the callback endpoint