Verified hash
Some endpoints require a hash
query parameter that contains a hash verifying the POST
request body data. The hash is comprised of the query parameters sorted by name, concatenated (recursively) into one string, hashed (sha256) with SHthe client signature secret and finally base64 URL encoded. The verification hash ensures that the data being POST
-ed has not been tampered with by a middleman.
Note: After the string is base64 encoded you should replace +
with -
and /
with _
. Also you should remove trailing =
.
The sort algorithm is natsort ("Natural order string comparison").
{
"a" : "zebra",
"x" : "banana",
"c" : {
"b" : "orange",
"c" : "monkey",
"a" : "sun"
},
"b" : "tree"
}
Should give the following string after concat: zebratreesunorangemonkeybanana
Hashing example
PHP
<?php
function recursiveArrayToString($data)
{
if (!is_array($data)) {
return "$data";
}
$ret = "";
uksort($data, 'strnatcmp');
foreach ($data as $v) {
$ret .= recursiveArrayToString($v);
}
return $ret;
}
function base64UrlEncode($input)
{
return rtrim(strtr(base64_encode($input), '+/', '-_'), '=');
}
function createHash($data, $secret)
{
$string = recursiveArrayToString($data);
return base64UrlEncode(hash_hmac("sha256", $string, $secret, true));
}
$sign_secret = 'foobar';
$data = [
'requestReference' => $ref, // unique to reqest
'clientReference' => $localOrderId, // freely useable by client
'paymentOptions' => 2,
'items' => [
['productId' => 100002, 'clientItemReference' => 'first item'],
['name' => 'A magazine', 'description' => 'It is really great', 'price' => 2000, 'vat' => 2500],
['productId' => 100002, 'name' => 'Banana', 'description' => 'One', 'price' => 1500, 'vat' => 2500, 'quantity' => 1, 'clientItemReference' => 'itemRef4'],
]
];
$data['hash'] = createHash($data, $sign_secret);
$client->api('/user/123/charge', 'POST', $data);
Help us improve
Did you spot an error? Or maybe you just have a suggestion for how we can improve? Leave a comment, or better yet, send us a pull request on GitHub to fix it (in-browser editing, only takes a moment).
Comments/feedback
Do you have questions, or just want to contribute some newly gained insight? Want to share an example? Please leave a comment. Our team reads and responds to every question. Additionally, your experience can help others using Schibsted account, and it can help us continuously improve our documentation.