Authentication

Content

Client authentication

Consider, you received an api-key and a secret key from VersaCommerce:

  • api-key: 546fe50eeeed7205cd6fd97cda7c646cf2b96207
  • secret: c1f0ea1fe65be873c8a62a10485cc58b250ab74e
  1. Request to get the token
  2. Example in Ruby
  3. Build the authenticated requests

1. Request to get the token

https://your-shop.versacommerce.de/api/auth?api_key=546fe50eeeed7205cd6fd97cda7c646cf2b96207

If you need to get the token as XML instead of a HTTP redirect:
VersaCommerce will respond to your request with a redirection (here we use " https://app.your-domain.com/login/finalize?t=7cda7c646c") or XML output with a token ("t") parameter.

Your App should now memorize this token, because you will need it to compute the password. The password is always a MD5 hash, built from a string, composed of the secret and the token.

password = md5(secret+token)

2. Example in Ruby

  • secret: c1f0ea1fe65be873c8a62a10485cc58b250ab74e
  • token: 66f3a04b
  • password = Digest::MD5.hexdigest("c1f0ea1fe65be873c8a62a10485cc58b250ab74e" + "66f3a04b") => dccd1e9d50d45133f14d6effc727020c

3. Build the authenticated requests

Now you can build the authenticated requests to your shop's API with the api-key and the computed password as authorization parameters:

https://api_key:password@your-store.versacommerce.de/api/any-resource.xml

See this example:

https://546fe50eeeed7205cd6fd97cda7c646cf2b96207:6719b9661a086ebba81d69401f9e7ed9/ @ your-store.versacommerce.de/api/orders.xml?limit=3

To get the last 3 orders from your store, you would fire up the request with curl like this: 
$ curl -H 'Accept: application/xml' -H 'Content-Type: application/xml' \
-u 546fe50eeeed7205cd6fd97cda7c646cf2b96207:dccd1e9d50d45133f14d6effc727020c \
https://demo-coffee.versacommerce.de/api/orders.xml?limit=3
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.