Sample code for 30+ languages & platforms
Delphi DLL

ShippingEasy.com Calculate Signature for API Authentication

See more HTTP Misc Examples

Demonstrates how to calculate the shippingeasy.com API signature for authenticating requests.

Chilkat Delphi DLL Downloads

Delphi DLL
uses
    Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
    Vcl.Controls, Vcl.Forms, Vcl.Dialogs, Vcl.StdCtrls, Http, CkDateTime, HttpResponse, StringBuilder, JsonObject, Crypt2;

...

procedure TForm1.Button1Click(Sender: TObject);
var
success: Boolean;
sbStringToSign: HCkStringBuilder;
httpVerb: PWideChar;
uriPath: PWideChar;
queryParamsStr: PWideChar;
json: HCkJsonObject;
dt: HCkDateTime;
bLocalTime: Boolean;
unixEpochTimestamp: PWideChar;
your_api_key: PWideChar;
numReplaced: Integer;
your_api_secret: PWideChar;
crypt: HCkCrypt2;
api_signature: PWideChar;
http: HCkHttp;
queryParams: HCkJsonObject;
resp: HCkHttpResponse;

begin
success := False;

// This example requires the Chilkat API to have been previously unlocked.
// See Global Unlock Sample for sample code.

// 
// First, concatenate these into a plaintext string using the following order:
// 
//     Capitilized method of the request. E.g. "POST"
//     The URI path
//     The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ
//     The request body as a string if one exists
//     All parts are then concatenated together with an ampersand. The result resembles something like this:
// 
// "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{ ... request body ... }"

sbStringToSign := CkStringBuilder_Create();

httpVerb := 'POST';
uriPath := '/partners/api/accounts';
queryParamsStr := 'api_key=YOUR_API_KEY&api_timestamp=UNIX_EPOCH_TIMESTAMP';

// Build the following JSON that will be the body of the request:

// {
//   "account": {
//     "first_name": "Coralie",
//     "last_name": "Waelchi",
//     "company_name": "Hegmann, Cremin and Bradtke",
//     "email": "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com",
//     "phone_number": "1-381-014-3358",
//     "address": "2476 Flo Inlet",
//     "address2": "",
//     "state": "SC",
//     "city": "North Dennis",
//     "postal_code": "29805",
//     "country": "USA",
//     "password": "abc123",
//     "subscription_plan_code": "starter"
//   }
// }

json := CkJsonObject_Create();
CkJsonObject_UpdateString(json,'account.first_name','Coralie');
CkJsonObject_UpdateString(json,'account.last_name','Waelchi');
CkJsonObject_UpdateString(json,'account.company_name','Hegmann, Cremin and Bradtke');
CkJsonObject_UpdateString(json,'account.email','se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com');
CkJsonObject_UpdateString(json,'account.phone_number','1-381-014-3358');
CkJsonObject_UpdateString(json,'account.address','2476 Flo Inlet');
CkJsonObject_UpdateString(json,'account.address2','');
CkJsonObject_UpdateString(json,'account.state','SC');
CkJsonObject_UpdateString(json,'account.city','North Dennis');
CkJsonObject_UpdateString(json,'account.postal_code','29805');
CkJsonObject_UpdateString(json,'account.country','USA');
CkJsonObject_UpdateString(json,'account.password','abc123');
CkJsonObject_UpdateString(json,'account.subscription_plan_code','starter');

CkJsonObject_putEmitCompact(json,False);
Memo1.Lines.Add(CkJsonObject__emit(json));

// First, let's get the current date/time in the Unix Epoch Timestamp format (which is just an integer)
dt := CkDateTime_Create();
CkDateTime_SetFromCurrentSystemTime(dt);
// Get the UTC time.
bLocalTime := False;
unixEpochTimestamp := CkDateTime__getAsUnixTimeStr(dt,bLocalTime);

// Build the string to sign:
CkStringBuilder_Append(sbStringToSign,httpVerb);
CkStringBuilder_Append(sbStringToSign,'&');
CkStringBuilder_Append(sbStringToSign,uriPath);
CkStringBuilder_Append(sbStringToSign,'&');
CkStringBuilder_Append(sbStringToSign,queryParamsStr);
CkStringBuilder_Append(sbStringToSign,'&');
// Make sure to send the JSON body of a request in compact form..
CkJsonObject_putEmitCompact(json,True);
CkStringBuilder_Append(sbStringToSign,CkJsonObject__emit(json));

// Use your API key here:
your_api_key := 'f9a7c8ebdfd34beaf260d9b0296c7059';

numReplaced := CkStringBuilder_Replace(sbStringToSign,'YOUR_API_KEY',your_api_key);
numReplaced := CkStringBuilder_Replace(sbStringToSign,'UNIX_EPOCH_TIMESTAMP',unixEpochTimestamp);

// Do the HMAC-SHA256 with your API secret:
your_api_secret := 'ea210785fa4656af03c2e4ffcc2e7b5fc19f1fba577d137905cc97e74e1df53d';
crypt := CkCrypt2_Create();
CkCrypt2_putMacAlgorithm(crypt,'hmac');
CkCrypt2_putEncodingMode(crypt,'hexlower');
CkCrypt2_SetMacKeyString(crypt,your_api_secret);
CkCrypt2_putHashAlgorithm(crypt,'sha256');

api_signature := CkCrypt2__macStringENC(crypt,CkStringBuilder__getAsString(sbStringToSign));
Memo1.Lines.Add('api_signature: ' + api_signature);

// --------------------------------------------------------------------
// Here's an example showing how to use the signature in a request:

// Build a new string-to-sign and create a new api_signature for the actual request we'll be sending...
CkStringBuilder_Clear(sbStringToSign);
CkStringBuilder_Append(sbStringToSign,'GET');
CkStringBuilder_Append(sbStringToSign,'&');
CkStringBuilder_Append(sbStringToSign,'/app.shippingeasy.com/api/orders');
CkStringBuilder_Append(sbStringToSign,'&');
CkStringBuilder_Append(sbStringToSign,queryParamsStr);
CkStringBuilder_Append(sbStringToSign,'&');
// There is no body for a GET request.

api_signature := CkCrypt2__macStringENC(crypt,CkStringBuilder__getAsString(sbStringToSign));

http := CkHttp_Create();
queryParams := CkJsonObject_Create();

CkJsonObject_UpdateString(queryParams,'api_signature',api_signature);
CkJsonObject_UpdateString(queryParams,'api_timestamp',unixEpochTimestamp);
CkJsonObject_UpdateString(queryParams,'api_key',your_api_key);

resp := CkHttpResponse_Create();
success := CkHttp_HttpParams(http,'GET','https://app.shippingeasy.com/api/orders',queryParams,resp);
if (success = False) then
  begin
    Memo1.Lines.Add(CkHttp__lastErrorText(http));
    Exit;
  end;

Memo1.Lines.Add('response status code = ' + IntToStr(CkHttpResponse_getStatusCode(resp)));
Memo1.Lines.Add('response body:');
Memo1.Lines.Add(CkHttpResponse__bodyStr(resp));

CkStringBuilder_Dispose(sbStringToSign);
CkJsonObject_Dispose(json);
CkDateTime_Dispose(dt);
CkCrypt2_Dispose(crypt);
CkHttp_Dispose(http);
CkJsonObject_Dispose(queryParams);
CkHttpResponse_Dispose(resp);

end;