Skip to main content

Authentication

The API endpoints require authentication to ensure secure access to the resources. The authentication process involves signing the requests with the API key and secret provided by Globiance when you create a new store.

To authenticate requests, do the following

  1. Retrieve the API key and secret from the Globiance Merchant Dashboard. https://exchange.globiance.com/merchant
  2. Calculate the signature using a cryptographic hash function, such as HMAC-SHA256. The signature is generated by hashing the serialized request data or payload with the secret key.
  3. Add the calculated signature to the request headers.
  4. Add the API key to the request headers with key 'API-KEY'.
  5. Proceed with sending the authenticated request.

Here's a sample of how you can authenticate the requests in Javascript. Follow these steps:

  1. Create an instance of axios and set the base URL to the API service.
  2. Retrieve the API key and secret from the environment variables.
  3. Use an interceptor to modify the request headers before sending them. The interceptor calculates the signature (SIGN) based.
  4. on the request data using the provided secret.
  5. The calculated signature and API key are added to the request headers.
  6. Ensure that you have the correct API key and secret from your system to authenticate the requests successfully.

The following code snippet demonstrates the authentication process:


import axios from "axios";
import crypto from "crypto";

const axiosInstance = axios.create({
baseURL: "https://merchantapi.globiance.com/merchant-api-service",
});

const API_KEY = process.env.API_KEY;
const SECRET = process.env.SECRET;

axiosInstance.interceptors.request.use((config) => {
const SIGN = crypto
.createHmac("sha256", SECRET)
.update(JSON.stringify(config.data))
.digest("base64");

if (!config.headers) config.headers = {};

config.headers.SIGN = SIGN;
config.headers["API-KEY"] = API_KEY;

return config;
});