(Delphi ActiveX) ShippingEasy.com Calculate Signature for API Authentication

Demonstrates how to calculate the shippingeasy.com API signature for authenticating requests.

Chilkat for Delphi Downloads Chilkat ActiveX DLL for Delphi Chilkat non-ActiveX DLL for Delphi * The examples here use the ActiveX DLL.

uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Chilkat_TLB;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Integer;
sbStringToSign: TChilkatStringBuilder;
httpVerb: WideString;
uriPath: WideString;
queryParamsStr: WideString;
json: TChilkatJsonObject;
dt: TCkDateTime;
bLocalTime: Integer;
unixEpochTimestamp: WideString;
your_api_key: WideString;
numReplaced: Integer;
your_api_secret: WideString;
crypt: TChilkatCrypt2;
api_signature: WideString;
http: TChilkatHttp;
queryParams: TChilkatJsonObject;
resp: IChilkatHttpResponse;

begin
// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// 
// First, concatenate these into a plaintext string using the following order:
// 
//     Capitilized method of the request. E.g. "POST"
//     The URI path
//     The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ
//     The request body as a string if one exists
//     All parts are then concatenated together with an ampersand. The result resembles something like this:
// 
// "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{ ... request body ... }"

sbStringToSign := TChilkatStringBuilder.Create(Self);

httpVerb := 'POST';
uriPath := '/partners/api/accounts';
queryParamsStr := 'api_key=YOUR_API_KEY&api_timestamp=UNIX_EPOCH_TIMESTAMP';

// Build the following JSON that will be the body of the request:

// {
//   "account": {
//     "first_name": "Coralie",
//     "last_name": "Waelchi",
//     "company_name": "Hegmann, Cremin and Bradtke",
//     "email": "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com",
//     "phone_number": "1-381-014-3358",
//     "address": "2476 Flo Inlet",
//     "address2": "",
//     "state": "SC",
//     "city": "North Dennis",
//     "postal_code": "29805",
//     "country": "USA",
//     "password": "abc123",
//     "subscription_plan_code": "starter"
//   }
// }

json := TChilkatJsonObject.Create(Self);
json.UpdateString('account.first_name','Coralie');
json.UpdateString('account.last_name','Waelchi');
json.UpdateString('account.company_name','Hegmann, Cremin and Bradtke');
json.UpdateString('account.email','se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com');
json.UpdateString('account.phone_number','1-381-014-3358');
json.UpdateString('account.address','2476 Flo Inlet');
json.UpdateString('account.address2','');
json.UpdateString('account.state','SC');
json.UpdateString('account.city','North Dennis');
json.UpdateString('account.postal_code','29805');
json.UpdateString('account.country','USA');
json.UpdateString('account.password','abc123');
json.UpdateString('account.subscription_plan_code','starter');

json.EmitCompact := 0;
Memo1.Lines.Add(json.Emit());

// First, let's get the current date/time in the Unix Epoch Timestamp format (which is just an integer)
dt := TCkDateTime.Create(Self);
dt.SetFromCurrentSystemTime();
// Get the UTC time.
bLocalTime := 0;
unixEpochTimestamp := dt.GetAsUnixTimeStr(bLocalTime);

// Build the string to sign:
sbStringToSign.Append(httpVerb);
sbStringToSign.Append('&');
sbStringToSign.Append(uriPath);
sbStringToSign.Append('&');
sbStringToSign.Append(queryParamsStr);
sbStringToSign.Append('&');
// Make sure to send the JSON body of a request in compact form..
json.EmitCompact := 1;
sbStringToSign.Append(json.Emit());

// Use your API key here:
your_api_key := 'f9a7c8ebdfd34beaf260d9b0296c7059';

numReplaced := sbStringToSign.Replace('YOUR_API_KEY',your_api_key);
numReplaced := sbStringToSign.Replace('UNIX_EPOCH_TIMESTAMP',unixEpochTimestamp);

// Do the HMAC-SHA256 with your API secret:
your_api_secret := 'ea210785fa4656af03c2e4ffcc2e7b5fc19f1fba577d137905cc97e74e1df53d';
crypt := TChilkatCrypt2.Create(Self);
crypt.MacAlgorithm := 'hmac';
crypt.EncodingMode := 'hexlower';
crypt.SetMacKeyString(your_api_secret);
crypt.HashAlgorithm := 'sha256';

api_signature := crypt.MacStringENC(sbStringToSign.GetAsString());
Memo1.Lines.Add('api_signature: ' + api_signature);

// --------------------------------------------------------------------
// Here's an example showing how to use the signature in a request:

// Build a new string-to-sign and create a new api_signature for the actual request we'll be sending...
sbStringToSign.Clear();
sbStringToSign.Append('GET');
sbStringToSign.Append('&');
sbStringToSign.Append('/app.shippingeasy.com/api/orders');
sbStringToSign.Append('&');
sbStringToSign.Append(queryParamsStr);
sbStringToSign.Append('&');
// There is no body for a GET request.

api_signature := crypt.MacStringENC(sbStringToSign.GetAsString());

http := TChilkatHttp.Create(Self);
queryParams := TChilkatJsonObject.Create(Self);

queryParams.UpdateString('api_signature',api_signature);
queryParams.UpdateString('api_timestamp',unixEpochTimestamp);
queryParams.UpdateString('api_key',your_api_key);

resp := http.QuickRequestParams('GET','https://app.shippingeasy.com/api/orders',queryParams.ControlInterface);
if (http.LastMethodSuccess = 0) then
  begin
    Memo1.Lines.Add(http.LastErrorText);
    Exit;
  end;

Memo1.Lines.Add('response status code = ' + IntToStr(resp.StatusCode));
Memo1.Lines.Add('response body:');
Memo1.Lines.Add(resp.BodyStr);
end;