API authentication is handled by signing each request using your public API key and private API secret (found here https://app.shippingeasy.com/settings/api_credentials). Authentication for the partner API also requires signing the request, instead using your ShippingEasy-issued partner API key and secret.
How to calculate a signature
First, concatenate these into a plaintext string using the following order:
- Capitilized method of the request. E.g. "POST"
- The URI path
- The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC¶m2=XYZ
- The request body as a string if one exists
- All parts are then concatenated together with an ampersand. The result resembles something like this:
"POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{"{\"account\":{\"first_name\":\"Coralie\",\"last_name\":\"Waelchi\",\"company_name\":\"Hegmann, Cremin and Bradtke\",\"email\":\"[email protected]\",\"phone_number\":\"1-381-014-3358\",\"address\":\"2476 Flo Inlet\",\"address2\":\"\",\"state\":\"SC\",\"city\":\"North Dennis\",\"postal_code\":\"29805\",\"country\":\"USA\",\"password\":\"abc123\",\"subscription_plan_code\":\"starter\"}}"
Secondly, using your Partner API secret encrypt the string using HMAC sha256. In ruby, it looks like this:
OpenSSL::HMAC::hexdigest("sha256", api_secret, "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{"{\"account\":{\"first_name\":\"Coralie\",\"last_name\":\"Waelchi\",\"company_name\":\"Hegmann, Cremin and Bradtke\",\"email\":\"[email protected]\",\"phone_number\":\"1-381-014-3358\",\"address\":\"2476 Flo Inlet\",\"address2\":\"\",\"state\":\"SC\",\"city\":\"North Dennis\",\"postal_code\":\"29805\",\"country\":\"USA\",\"password\":\"abc123\",\"subscription_plan_code\":\"starter\"}}")
API Timestamp
You must include an API timestamp in your requests. The timestamp should be an integer representation of the current time (also known as Unix epoch time).