Authentication
To authenticate to the API platform you must request an API Key from your handler on the Supplier website; it is used instead of your username for all API calls. The password is the same as that of your Supplier website account. The password of your ecommerce account and the password used with the API are kept in sync, so when you change your Supplier account password you must also change the password used in your API integration. The API platform uses HTTP Basic authentication as defined in RFC 2617 (https://tools.ietf.org/html/rfc2617), so you must add the Authorization header field to every HTTP API call. The Authorization field is constructed as follows:
- The API key and password are combined with a single colon (:)
- The resulting string is encoded using Base64 (an encoding, not encryption)
- The authorization method and a space (e.g. "Basic ") are then prepended to the encoded string
Example
If Aladdin is the API key and OpenSesame is the password, then the field's value is the Base64 encoding of Aladdin:OpenSesame, that is: QWxhZGRpbjpPcGVuU2VzYW1l. The Authorization header will then appear as:
Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l
How you add the header field depends on the language you use for your implementation. This is an example in PHP:
$header = "Authorization: Basic " . base64_encode($username . ':' . $password);
Http Headers
API requests and responses use, in most cases, the XML format, so the following headers must be set in the HTTP request:
Header | Value | Note |
---|---|---|
Content-Type | application/xml | In every POST request |
Accept | application/xml | In GET/POST request receiving XML response body |
Authorization | "Basic " . base64_encode($username . ':' . $password) | In every request |
X-Customer-API-KEY | API Key | Not required, only for trade agent |
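
The header rules above, written out in Python as an added example (not code from the supplier's documentation). The function names `build_headers`, `decode_basic` and `redact` are assumptions made for this sketch. `decode_basic` shows that the Authorization value can be reversed by anyone who sees it, so the credentials are protected only by the TLS connection and by keeping the header out of logs.

```python
import base64

def build_headers(api_key, password, method, customer_api_key=None):
    """Return the HTTP headers this page requires for one API call."""
    for name, value in (("api_key", api_key), ("password", password),
                        ("customer_api_key", customer_api_key or "")):
        # A CR or LF inside a value would let it inject extra header lines.
        if "\r" in value or "\n" in value:
            raise ValueError(f"{name} contains a line break")
    # The first colon separates key from password, so the key cannot hold one.
    if ":" in api_key:
        raise ValueError("api_key must not contain ':'")
    token = base64.b64encode(f"{api_key}:{password}".encode("utf-8"))
    headers = {
        "Authorization": "Basic " + token.decode("ascii"),  # every request
        "Accept": "application/xml",  # GET/POST expecting an XML body
    }
    if method.upper() == "POST":
        headers["Content-Type"] = "application/xml"  # every POST request
    if customer_api_key is not None:
        headers["X-Customer-API-KEY"] = customer_api_key  # trade agents only
    return headers

def decode_basic(header_value):
    """Recover (api_key, password) from an Authorization value.

    Base64 is a reversible encoding and gives no confidentiality.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization value")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    api_key, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return api_key, password

def redact(headers):
    """Return a copy of the headers that is safe to write to logs."""
    secret = {"authorization", "x-customer-api-key"}
    return {k: ("<redacted>" if k.lower() in secret else v)
            for k, v in headers.items()}

if __name__ == "__main__":
    # Constructed sample credentials, taken from the example on this page.
    print(redact(build_headers("Aladdin", "OpenSesame", "POST")))
```
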
Http Return Status Codes
API services always return an HTTP status code that the caller must check. The most common status codes are:
Code | Meaning | Action |
---|---|---|
200 | OK | You may extract data from the response body, if one is expected |
401 | Unauthorized | You missed the Authorization header or your credentials are invalid |
404 | Not found | An item you passed in the request data does not exist in the database (e.g. the order_id, stock_id, etc.) |
406 | Not acceptable | You specified an invalid Accept HTTP header: its value does not match the response body format (e.g. you specified "application/xml" while the response returns a text/plain format) |
500 | Internal server error | An internal error occurred. Contact your support center |