Authentication
Netzme uses OAuth 2 to authenticate requests to the netzme API. Before making a request to the Netzme API, a getToken endpoint request is required to get a token.
Ensure that the data in every request and response cannot be hijacked and imitated by unauthorized users, on every request sent to the Netzme api, it is necessary to include the signature generated using the SHA256-HMAC algorithm.
The following parameters Header must be included in the request header in every API call (except for the Get Token endpoint):
Key | Value |
Authorization | Bearer {{ Token }} |
Request-Time | {{ Request-Time }} |
Signature | {{ Signature }} |
Client-Id | {{ Client-Id }} |
Authorization
This parameter contains the Token which is obtained from the getToken endpoint and before the token value, it must be preceded by the Bearer. Each token has an active period of 10 hours, and each client only has 1 active token. So that when the request is repeated, the previous token automatically expires.
get Token
POST
https://tokoapi-stg.netzme.com/oauth/merchant/accesstoken
For requests to getToken endpoint, there is authentication to ensure that only authorized users can generate tokens. The authentication used at this endpoint is Basic Auth, which contains Client Id and Client Secret.
Headers
Name | Type | Description |
---|---|---|
Authorization* | string | Basic {{ Basic Auth }} |
Content-Type* | string | application/json |
Request Body
Name | Type | Description |
---|---|---|
grant_type* | string | values must be "client_credentials" |
Sample code for generate Basic Auth :
Request-Time
This parameter contains the request time in the data type long.
Client-Id
This parameter contains the client Id
Signature
This parameter contains Signature for ensure that the data in every request and response cannot be hijacked and imitated by unauthorized users.
Payload of signature :
Payload Name | Info | Sample |
path | contains path of endpoint plus query | /api/aggregator/merchant/qr/balance/detail?userId=M_pXAFWzCg |
method | POST, GET | |
requestTime | contains request time in the data type long, must equals with Request-Time in header | 1615190625765 |
body | contains payload of body request. |
Sample Raw Payload signature :
Salt of Signature :
Salt Name | Info | Sample |
client secret | contains client secret | MaREaULkzAUTAFYg |
requestTime | contains request time in the data type long, must equals with Request-Time in header | 1615190625765 |
auth | contains authorization, must equals with Authorization in header | Bearer cafebface38fe374af5bcf7579a711 658585012507d409eebb74f33fa4684711 |
Sample Salt of Signature :
Sample code generate signature :
Last updated