Sample code for 30+ languages & platforms
Unicode C

ShippingEasy.com Calculate Signature for API Authentication

See more HTTP Misc Examples

Demonstrates how to calculate the shippingeasy.com API signature for authenticating requests.

Chilkat Unicode C Downloads

Unicode C
#include <C_CkStringBuilderW.h>
#include <C_CkJsonObjectW.h>
#include <C_CkDateTimeW.h>
#include <C_CkCrypt2W.h>
#include <C_CkHttpW.h>
#include <C_CkHttpResponseW.h>

void ChilkatSample(void)
    {
    BOOL success;
    HCkStringBuilderW sbStringToSign;
    const wchar_t *httpVerb;
    const wchar_t *uriPath;
    const wchar_t *queryParamsStr;
    HCkJsonObjectW json;
    HCkDateTimeW dt;
    BOOL bLocalTime;
    const wchar_t *unixEpochTimestamp;
    const wchar_t *your_api_key;
    int numReplaced;
    const wchar_t *your_api_secret;
    HCkCrypt2W crypt;
    const wchar_t *api_signature;
    HCkHttpW http;
    HCkJsonObjectW queryParams;
    HCkHttpResponseW resp;

    success = FALSE;

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // 
    // First, concatenate these into a plaintext string using the following order:
    // 
    //     Capitilized method of the request. E.g. "POST"
    //     The URI path
    //     The query parameters sorted alphabetically and concatenated together into a URL friendly format: param1=ABC&param2=XYZ
    //     The request body as a string if one exists
    //     All parts are then concatenated together with an ampersand. The result resembles something like this:
    // 
    // "POST&/partners/api/accounts&api_key=f9a7c8ebdfd34beaf260d9b0296c7059&api_timestamp=1401803554&{ ... request body ... }"

    sbStringToSign = CkStringBuilderW_Create();

    httpVerb = L"POST";
    uriPath = L"/partners/api/accounts";
    queryParamsStr = L"api_key=YOUR_API_KEY&api_timestamp=UNIX_EPOCH_TIMESTAMP";

    // Build the following JSON that will be the body of the request:

    // {
    //   "account": {
    //     "first_name": "Coralie",
    //     "last_name": "Waelchi",
    //     "company_name": "Hegmann, Cremin and Bradtke",
    //     "email": "se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com",
    //     "phone_number": "1-381-014-3358",
    //     "address": "2476 Flo Inlet",
    //     "address2": "",
    //     "state": "SC",
    //     "city": "North Dennis",
    //     "postal_code": "29805",
    //     "country": "USA",
    //     "password": "abc123",
    //     "subscription_plan_code": "starter"
    //   }
    // }

    json = CkJsonObjectW_Create();
    CkJsonObjectW_UpdateString(json,L"account.first_name",L"Coralie");
    CkJsonObjectW_UpdateString(json,L"account.last_name",L"Waelchi");
    CkJsonObjectW_UpdateString(json,L"account.company_name",L"Hegmann, Cremin and Bradtke");
    CkJsonObjectW_UpdateString(json,L"account.email",L"se_greg_6d477b1e59e8ff24abadfb59d3a2de3e@shippingeasy.com");
    CkJsonObjectW_UpdateString(json,L"account.phone_number",L"1-381-014-3358");
    CkJsonObjectW_UpdateString(json,L"account.address",L"2476 Flo Inlet");
    CkJsonObjectW_UpdateString(json,L"account.address2",L"");
    CkJsonObjectW_UpdateString(json,L"account.state",L"SC");
    CkJsonObjectW_UpdateString(json,L"account.city",L"North Dennis");
    CkJsonObjectW_UpdateString(json,L"account.postal_code",L"29805");
    CkJsonObjectW_UpdateString(json,L"account.country",L"USA");
    CkJsonObjectW_UpdateString(json,L"account.password",L"abc123");
    CkJsonObjectW_UpdateString(json,L"account.subscription_plan_code",L"starter");

    CkJsonObjectW_putEmitCompact(json,FALSE);
    wprintf(L"%s\n",CkJsonObjectW_emit(json));

    // First, let's get the current date/time in the Unix Epoch Timestamp format (which is just an integer)
    dt = CkDateTimeW_Create();
    CkDateTimeW_SetFromCurrentSystemTime(dt);
    // Get the UTC time.
    bLocalTime = FALSE;
    unixEpochTimestamp = CkDateTimeW_getAsUnixTimeStr(dt,bLocalTime);

    // Build the string to sign:
    CkStringBuilderW_Append(sbStringToSign,httpVerb);
    CkStringBuilderW_Append(sbStringToSign,L"&");
    CkStringBuilderW_Append(sbStringToSign,uriPath);
    CkStringBuilderW_Append(sbStringToSign,L"&");
    CkStringBuilderW_Append(sbStringToSign,queryParamsStr);
    CkStringBuilderW_Append(sbStringToSign,L"&");
    // Make sure to send the JSON body of a request in compact form..
    CkJsonObjectW_putEmitCompact(json,TRUE);
    CkStringBuilderW_Append(sbStringToSign,CkJsonObjectW_emit(json));

    // Use your API key here:
    your_api_key = L"f9a7c8ebdfd34beaf260d9b0296c7059";

    numReplaced = CkStringBuilderW_Replace(sbStringToSign,L"YOUR_API_KEY",your_api_key);
    numReplaced = CkStringBuilderW_Replace(sbStringToSign,L"UNIX_EPOCH_TIMESTAMP",unixEpochTimestamp);

    // Do the HMAC-SHA256 with your API secret:
    your_api_secret = L"ea210785fa4656af03c2e4ffcc2e7b5fc19f1fba577d137905cc97e74e1df53d";
    crypt = CkCrypt2W_Create();
    CkCrypt2W_putMacAlgorithm(crypt,L"hmac");
    CkCrypt2W_putEncodingMode(crypt,L"hexlower");
    CkCrypt2W_SetMacKeyString(crypt,your_api_secret);
    CkCrypt2W_putHashAlgorithm(crypt,L"sha256");

    api_signature = CkCrypt2W_macStringENC(crypt,CkStringBuilderW_getAsString(sbStringToSign));
    wprintf(L"api_signature: %s\n",api_signature);

    // --------------------------------------------------------------------
    // Here's an example showing how to use the signature in a request:

    // Build a new string-to-sign and create a new api_signature for the actual request we'll be sending...
    CkStringBuilderW_Clear(sbStringToSign);
    CkStringBuilderW_Append(sbStringToSign,L"GET");
    CkStringBuilderW_Append(sbStringToSign,L"&");
    CkStringBuilderW_Append(sbStringToSign,L"/app.shippingeasy.com/api/orders");
    CkStringBuilderW_Append(sbStringToSign,L"&");
    CkStringBuilderW_Append(sbStringToSign,queryParamsStr);
    CkStringBuilderW_Append(sbStringToSign,L"&");
    // There is no body for a GET request.

    api_signature = CkCrypt2W_macStringENC(crypt,CkStringBuilderW_getAsString(sbStringToSign));

    http = CkHttpW_Create();
    queryParams = CkJsonObjectW_Create();

    CkJsonObjectW_UpdateString(queryParams,L"api_signature",api_signature);
    CkJsonObjectW_UpdateString(queryParams,L"api_timestamp",unixEpochTimestamp);
    CkJsonObjectW_UpdateString(queryParams,L"api_key",your_api_key);

    resp = CkHttpResponseW_Create();
    success = CkHttpW_HttpParams(http,L"GET",L"https://app.shippingeasy.com/api/orders",queryParams,resp);
    if (success == FALSE) {
        wprintf(L"%s\n",CkHttpW_lastErrorText(http));
        CkStringBuilderW_Dispose(sbStringToSign);
        CkJsonObjectW_Dispose(json);
        CkDateTimeW_Dispose(dt);
        CkCrypt2W_Dispose(crypt);
        CkHttpW_Dispose(http);
        CkJsonObjectW_Dispose(queryParams);
        CkHttpResponseW_Dispose(resp);
        return;
    }

    wprintf(L"response status code = %d\n",CkHttpResponseW_getStatusCode(resp));
    wprintf(L"response body:\n");
    wprintf(L"%s\n",CkHttpResponseW_bodyStr(resp));


    CkStringBuilderW_Dispose(sbStringToSign);
    CkJsonObjectW_Dispose(json);
    CkDateTimeW_Dispose(dt);
    CkCrypt2W_Dispose(crypt);
    CkHttpW_Dispose(http);
    CkJsonObjectW_Dispose(queryParams);
    CkHttpResponseW_Dispose(resp);

    }