For developers
By Qliro
Select search filters:
0
/
/
Authorization
Authorization Token
All the API calls to Qliro Checkout must contain an authorization token in the header of the request, using the authentication scheme: Qliro.
Generate Token is a three-step operation:
- Create a string using JsonPayload + the key MerchantAPISecret
- Encrypting the string using SHA256 hash
- Encoding the encrypted string using base64
Result: a string you should use as an authorization token in the header.
If no JsonPayload is to be sent, replace JsonPayload (step 1 above) with an empty string when generating the token. The Authorization header should contain the authentication scheme and the token using the following syntax: Authorization: Qliro token.
Please note that authentication will not be supported for notifications. It is up to you as Merchant to supply a generated URL that is only valid for a short period of time.
The JsonPayload
The JsonPayload consists of several parameters. The example code shows how a JsonPayload could look like. See API Reference for the exact specification of the API parameters.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20{ "MerchantReference": "MerchantUniqueReference", "Currency": "SEK", "Country": "SE", "Language": "sv-se", "MerchantConfirmationUrl": "http://Merchant.com/confirmation/", "MerchantTermsUrl": "http://Merchant.com/terms/", "PrimaryColor": "#00FF00", "CallToActionColor": "#0000FF", "OrderItems": [ { "MerchantReference": "XXX", "Description": "ZZZ", "Quantity": 4, "PricePerItemIncVat": 450, "PricePerItemExVat": 450 } ], "MerchantApiKey": "MERCHANTKEY" }
MerchantAPISecret
Authentication also requires you to use a key called MerchantAPISecret. Please contact your Onboarding agent or email integration@qliro.com if you don’t have a key.
How-to
Use one of the following examples to generate a token.
JavaScript
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15var generateToken = function () { var payload = request.data; console.log("Payload: ", payload); var secret = postman.getEnvironmentVariable("ApiSecret"); console.log("Secret: ", secret); var input = ''; if (payload && Object.keys(payload).length > 0) { input += payload; } input += secret; console.log("Input: ", input); var token = CryptoJS.SHA256(input).toString(CryptoJS.enc.Base64); console.log("Token: ", token); return "Qliro " + token; };
.Net
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18public string CreateAuthorizationToken(string jsonPayoload, string apiSecret) { using (var algorithm = new SHA256Managed()) { var data = jsonPayload + apisecret; var bytes = Encoding.UTF8.GetBytes(data); var hash = algorithm.ComputeHash(bytes); return string.Format("Qliro {0}", Convert.ToBase64String(hash)); } }
PHP
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26$json = json_encode(array ( 'MerchantReference' => 'MerchantUniqueReference', 'Currency' => 'SEK', 'Country' => 'SE', 'Language' => 'sv-se', 'MerchantConfirmationUrl' => 'http://Merchant.com/confirmation/', 'MerchantTermsUrl' => 'http://Merchant.com/terms/', 'PrimaryColor' => '#00FF00', 'CallToActionColor' => '#0000FF', 'OrderItems' => array ( 0 => array ( 'MerchantReference' => 'XXX', 'Description' => 'ZZZ', 'Quantity' => 4, 'PricePerItemIncVat' => 450, 'PricePerItemExVat' => 450, ), ), 'MerchantApiKey' => 'API-KEY', ));print $json; echo "<br>"; echo "Authentication Header = <br>"; print 'Qliro '.base64_encode(hex2bin(hash('sha256', $json.'<API-SECRET>')));
Error Codes
If a call is not successful due to some error, you will get an HTTPSStatusCode in the range of 400-599.
The following authentication error may occur:
401 Unauthorized
The error will contain a content body with the following format:
Error response parameters
| Name | Type | Description |
| ErrorCode | String | Unique error code |
| ErrorMessage | String | Detailed error message |
| ErrorReference | String | A tracking ID from Qliro Checkout |
Error response body example
1
2
3
4
5
{
"ErrorCode": "SYSTEM_ERROR",
"ErrorMesssage": "Details about the error",
"ErrorReference": "GUID-CorelationId"
}
