Authentication
This section is critical, authentication is REQUIRED for accessing every open APIs.
Create API Key
- Navigate to
CRM Back Office - Settings - Dev Space - Open API KeysPage - Create an API Key
Note:
API Key will only display one time after creation. Please copy and save your API Key into a secure location. If you lose your API key, please delete and create another.
Warning
For data security, please ensure that the API key is kept safely.
Key Authentication
Requesting every API in this documentation requires authentication via the above API key. Please attach the API key as a http header of the request.
| HTTP Header | value |
|---|---|
| key | API Key created from CRM |
Signature
Any POST/PATCH/PUT API that contains a request body will need to sign the request and provide the signature as a HTTP header.
| HTTP Header | value |
|---|---|
| signature | calculated using the algorithm below |
Signature Algorithm
- Set the request or return data as set M, and sort the parameters of non-empty parameter values in the set M according to the ASCII code of the parameter name from smallest to largest (dictionary order), using the URL key-value pair format (ie key1=value1&key2=value2... ) It is spliced into a string (String A).
- After the character transferred, splice API Key to obtain the string to be encrypted (StringB), perform SHA-1 operation on StringB, transfer the obtained value as a hexadecimal string, and finally convert all characters of the obtained string to uppercase to obtain the signature.
Note
The encrypted set M is all the parameters of the request, including fields with empty values. However, it is recommended to exclude empty fields in the request body first.
Sample JavaScript code to obtain the signature
let query = Object.keys(data)
.sort()
.reduce((result, key) => result + key + '=' + data[key] + '&', "")
.slice(0, -1);
let sign = crypto.createHash('sha1').update(query + key).digest('hex').toUpperCase();
query = '&'.join([f"{key}={data[key]}" for key in sorted(data)])
sign = hashlib.sha1((query + key).encode('utf-8')).hexdigest().upper()
Error Codes
| HTTP Code | Error Type | Description |
|---|---|---|
403 | invalid_api_key | API key is not exist or invalid |
403 | invalid_signature | Signature does not match |