(Tcl) ShippingEasy.com Calculate Signature for API Authentication

Demonstrates how to calculate the shippingeasy.com API signature for authenticating requests.

Chilkat Tcl Extension Downloads Chilkat Tcl Extension Downloads

load ./chilkat.dll

# This example requires the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

# 
# First, concatenate these into a plaintext string using the following order:
# 
#     Capitilized method of the request. E.g. "POST"
#     The URI path
#     The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ
#     The request body as a string if one exists
#     All parts are then concatenated together with an ampersand. The result resembles something like this:
# 
# "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{ ... request body ... }"

set sbStringToSign [new_CkStringBuilder]

set httpVerb "POST"
set uriPath "/partners/api/accounts"
set queryParamsStr "api_key=YOUR_API_KEY&api_timestamp=UNIX_EPOCH_TIMESTAMP"

# Build the following JSON that will be the body of the request:

# {
#   "account": {
#     "first_name": "Coralie",
#     "last_name": "Waelchi",
#     "company_name": "Hegmann, Cremin and Bradtke",
#     "email": "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com",
#     "phone_number": "1-381-014-3358",
#     "address": "2476 Flo Inlet",
#     "address2": "",
#     "state": "SC",
#     "city": "North Dennis",
#     "postal_code": "29805",
#     "country": "USA",
#     "password": "abc123",
#     "subscription_plan_code": "starter"
#   }
# }

set json [new_CkJsonObject]

CkJsonObject_UpdateString $json "account.first_name" "Coralie"
CkJsonObject_UpdateString $json "account.last_name" "Waelchi"
CkJsonObject_UpdateString $json "account.company_name" "Hegmann, Cremin and Bradtke"
CkJsonObject_UpdateString $json "account.email" "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com"
CkJsonObject_UpdateString $json "account.phone_number" "1-381-014-3358"
CkJsonObject_UpdateString $json "account.address" "2476 Flo Inlet"
CkJsonObject_UpdateString $json "account.address2" ""
CkJsonObject_UpdateString $json "account.state" "SC"
CkJsonObject_UpdateString $json "account.city" "North Dennis"
CkJsonObject_UpdateString $json "account.postal_code" "29805"
CkJsonObject_UpdateString $json "account.country" "USA"
CkJsonObject_UpdateString $json "account.password" "abc123"
CkJsonObject_UpdateString $json "account.subscription_plan_code" "starter"

CkJsonObject_put_EmitCompact $json 0
puts [CkJsonObject_emit $json]

# First, let's get the current date/time in the Unix Epoch Timestamp format (which is just an integer)
set dt [new_CkDateTime]

CkDateTime_SetFromCurrentSystemTime $dt
# Get the UTC time.
set bLocalTime 0
set unixEpochTimestamp [CkDateTime_getAsUnixTimeStr $dt $bLocalTime]

# Build the string to sign:
CkStringBuilder_Append $sbStringToSign $httpVerb
CkStringBuilder_Append $sbStringToSign "&"
CkStringBuilder_Append $sbStringToSign $uriPath
CkStringBuilder_Append $sbStringToSign "&"
CkStringBuilder_Append $sbStringToSign $queryParamsStr
CkStringBuilder_Append $sbStringToSign "&"
# Make sure to send the JSON body of a request in compact form..
CkJsonObject_put_EmitCompact $json 1
CkStringBuilder_Append $sbStringToSign [CkJsonObject_emit $json]

# Use your API key here:
set your_api_key "f9a7c8ebdfd34beaf260d9b0296c7059"

set numReplaced [CkStringBuilder_Replace $sbStringToSign "YOUR_API_KEY" $your_api_key]
set numReplaced [CkStringBuilder_Replace $sbStringToSign "UNIX_EPOCH_TIMESTAMP" $unixEpochTimestamp]

# Do the HMAC-SHA256 with your API secret:
set your_api_secret "ea210785fa4656af03c2e4ffcc2e7b5fc19f1fba577d137905cc97e74e1df53d"
set crypt [new_CkCrypt2]

CkCrypt2_put_MacAlgorithm $crypt "hmac"
CkCrypt2_put_EncodingMode $crypt "hexlower"
CkCrypt2_SetMacKeyString $crypt $your_api_secret
CkCrypt2_put_HashAlgorithm $crypt "sha256"

set api_signature [CkCrypt2_macStringENC $crypt [CkStringBuilder_getAsString $sbStringToSign]]
puts "api_signature: $api_signature"

# --------------------------------------------------------------------
# Here's an example showing how to use the signature in a request:

# Build a new string-to-sign and create a new api_signature for the actual request we'll be sending...
CkStringBuilder_Clear $sbStringToSign
CkStringBuilder_Append $sbStringToSign "GET"
CkStringBuilder_Append $sbStringToSign "&"
CkStringBuilder_Append $sbStringToSign "/app.shippingeasy.com/api/orders"
CkStringBuilder_Append $sbStringToSign "&"
CkStringBuilder_Append $sbStringToSign $queryParamsStr
CkStringBuilder_Append $sbStringToSign "&"
# There is no body for a GET request.

set api_signature [CkCrypt2_macStringENC $crypt [CkStringBuilder_getAsString $sbStringToSign]]

set http [new_CkHttp]

set queryParams [new_CkJsonObject]

CkJsonObject_UpdateString $queryParams "api_signature" $api_signature
CkJsonObject_UpdateString $queryParams "api_timestamp" $unixEpochTimestamp
CkJsonObject_UpdateString $queryParams "api_key" $your_api_key

# resp is a CkHttpResponse
set resp [CkHttp_QuickRequestParams $http "GET" "https://app.shippingeasy.com/api/orders" $queryParams]
if {[CkHttp_get_LastMethodSuccess $http] == 0} then {
    puts [CkHttp_lastErrorText $http]
    delete_CkStringBuilder $sbStringToSign
    delete_CkJsonObject $json
    delete_CkDateTime $dt
    delete_CkCrypt2 $crypt
    delete_CkHttp $http
    delete_CkJsonObject $queryParams
    exit
}

puts "response status code = [CkHttpResponse_get_StatusCode $resp]"
puts "response body:"
puts [CkHttpResponse_bodyStr $resp]

delete_CkHttpResponse $resp


delete_CkStringBuilder $sbStringToSign
delete_CkJsonObject $json
delete_CkDateTime $dt
delete_CkCrypt2 $crypt
delete_CkHttp $http
delete_CkJsonObject $queryParams