(JavaScript) ShippingEasy.com Calculate Signature for API Authentication

Demonstrates how to calculate the shippingeasy.com API signature for authenticating requests.

Note: This example requires Chilkat v11.0.0 or greater.

Note

This example is intended for running within a Chilkat.Js embedded JavaScript engine. All Chilkat JavaScript examples require Chilkat v11.4.0 or greater.

var success = false;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// 
// First, concatenate these into a plaintext string using the following order:
// 
//     Capitilized method of the request. E.g. "POST"
//     The URI path
//     The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ
//     The request body as a string if one exists
//     All parts are then concatenated together with an ampersand. The result resembles something like this:
// 
// "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{ ... request body ... }"

var sbStringToSign = new CkStringBuilder();

var httpVerb = "POST";
var uriPath = "/partners/api/accounts";
var queryParamsStr = "api_key=YOUR_API_KEY&api_timestamp=UNIX_EPOCH_TIMESTAMP";

// Build the following JSON that will be the body of the request:

// {
//   "account": {
//     "first_name": "Coralie",
//     "last_name": "Waelchi",
//     "company_name": "Hegmann, Cremin and Bradtke",
//     "email": "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com",
//     "phone_number": "1-381-014-3358",
//     "address": "2476 Flo Inlet",
//     "address2": "",
//     "state": "SC",
//     "city": "North Dennis",
//     "postal_code": "29805",
//     "country": "USA",
//     "password": "abc123",
//     "subscription_plan_code": "starter"
//   }
// }

var json = new CkJsonObject();
json.UpdateString("account.first_name","Coralie");
json.UpdateString("account.last_name","Waelchi");
json.UpdateString("account.company_name","Hegmann, Cremin and Bradtke");
json.UpdateString("account.email","se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com");
json.UpdateString("account.phone_number","1-381-014-3358");
json.UpdateString("account.address","2476 Flo Inlet");
json.UpdateString("account.address2","");
json.UpdateString("account.state","SC");
json.UpdateString("account.city","North Dennis");
json.UpdateString("account.postal_code","29805");
json.UpdateString("account.country","USA");
json.UpdateString("account.password","abc123");
json.UpdateString("account.subscription_plan_code","starter");

json.EmitCompact = false;
console.log(json.Emit());

// First, let's get the current date/time in the Unix Epoch Timestamp format (which is just an integer)
var dt = new CkDateTime();
dt.SetFromCurrentSystemTime();
// Get the UTC time.
var bLocalTime = false;
var unixEpochTimestamp = dt.GetAsUnixTimeStr(bLocalTime);

// Build the string to sign:
sbStringToSign.Append(httpVerb);
sbStringToSign.Append("&");
sbStringToSign.Append(uriPath);
sbStringToSign.Append("&");
sbStringToSign.Append(queryParamsStr);
sbStringToSign.Append("&");
// Make sure to send the JSON body of a request in compact form..
json.EmitCompact = true;
sbStringToSign.Append(json.Emit());

// Use your API key here:
var your_api_key = "f9a7c8ebdfd34beaf260d9b0296c7059";

var numReplaced = sbStringToSign.Replace("YOUR_API_KEY",your_api_key);
numReplaced = sbStringToSign.Replace("UNIX_EPOCH_TIMESTAMP",unixEpochTimestamp);

// Do the HMAC-SHA256 with your API secret:
var your_api_secret = "ea210785fa4656af03c2e4ffcc2e7b5fc19f1fba577d137905cc97e74e1df53d";
var crypt = new CkCrypt2();
crypt.MacAlgorithm = "hmac";
crypt.EncodingMode = "hexlower";
crypt.SetMacKeyString(your_api_secret);
crypt.HashAlgorithm = "sha256";

var api_signature = crypt.MacStringENC(sbStringToSign.GetAsString());
console.log("api_signature: " + api_signature);

// --------------------------------------------------------------------
// Here's an example showing how to use the signature in a request:

// Build a new string-to-sign and create a new api_signature for the actual request we'll be sending...
sbStringToSign.Clear();
sbStringToSign.Append("GET");
sbStringToSign.Append("&");
sbStringToSign.Append("/app.shippingeasy.com/api/orders");
sbStringToSign.Append("&");
sbStringToSign.Append(queryParamsStr);
sbStringToSign.Append("&");
// There is no body for a GET request.

api_signature = crypt.MacStringENC(sbStringToSign.GetAsString());

var http = new CkHttp();
var queryParams = new CkJsonObject();

queryParams.UpdateString("api_signature",api_signature);
queryParams.UpdateString("api_timestamp",unixEpochTimestamp);
queryParams.UpdateString("api_key",your_api_key);

var resp = new CkHttpResponse();
success = http.HttpParams("GET","https://app.shippingeasy.com/api/orders",queryParams,resp);
if (success == false) {
    console.log(http.LastErrorText);
    return;
}

console.log("response status code = " + resp.StatusCode);
console.log("response body:");
console.log(resp.BodyStr);