IP2 platform requires that both the transport layer and message are secured to ensure that your message is not tampered with.
Securing the transport layer.
Both IP2 sandbox and production endpoints use the https protocol with a certificate from a recogonized authority.
If you are calling the IP2 from a web client e.g. if your using web checkout, you are also required to use https.
Securing the message
The intelworld IP2 REST API uses a custom HTTP scheme based on a keyed-HMAC (Hash Message Authentication Code) for authentication. To authenticate a request, you first concatenate selected elements of the request to form a string.You then use your IP2 API Key and API Password to calculate the HMAC signature of that string. Finally, you add this signature as a parameter of the request.
Below are the steps to create the HMAC signature
- Concatenate the following items into a string.
SubscriptionId, AccountId, RequestId, BatchId, Amount, PaymentMethodId, ProductId, CurrencyCode, CountryCode, Memo, ChannelId,Reference
Please note that the order of concatenation matters
- Make the string lowwer case
- Create a representation by appending the current date time in UTC timestamp format: dddd, dd MMMM YYYY HH:mm:ss e.g. Thursday, 18 June 2015 07:30:19 GMT
- Hash your API Key using base64 MD5
- Create an HMAC from the hashed password and then create a signature by hashing the representation
- Add the following to your HTTP Headers
|X-Date||UTC timestamp||Thursday, 18 June 2015 07:30:19 GMT|
|X-Content-Type||Content type||application/json; charset=utf-8|
|Authorization||ApiAuth [THE HMAC SIGNATURE THAT YOU GENERATED]||ApiAuth 4QTUV/bjPn1KU/gjvNGoCIEFlVkd==|
|Content-MD5||[Explanation from Mubtx]||d/oWFSCrf6dkFWY9ixULzg==|
See below sample code in different programming languages that you can use to send secure messages to IP2 platform
If you have questions about this documetation you can send us an email on firstname.lastname@example.org or chat with us on skype (Skype names allan.rwakatungu and mubtx)