All Finfare Connect publishers will be provided with a dev and production API Key along with an API Secret. Speak with your representative for these if you haven't already received them.
Authorisation is required for all API requests. Authenticate requests by providing a signature in the request header
Here's how it works:
Authorization: Bearer {signature}:{timestamp}:{apikey}
signature: HMAC-SHA256(api_key + verb + content + content_type + timestamp + url)
verb = Request Method
*content = If no content is provided, there will be no need to provide a value
Please note the below parameters should be encoded in Base64 before you compile and send your signature
timestamp: Base64 encoded
signature: Base64 encoded
function get_signature($verb, $content, $url) {
$nimdaapikey = API_KEY;
$nimda_secret = API_SECRET_KEY;
$timestamp = date("Y-m-d h:i:s");
$signature = $nimdaapikey . $verb . $content . "application/json" . $timestamp . $url;
$hmac_signature = base64_encode(hash_hmac('sha256', $signature, $nimda_secret, true));
$created_signature = $hmac_signature . ':' . base64_encode($timestamp) . ':' . $nimdaapikey;
return $created_signature;
}
Finally, feel free to ask your representative for our Postman Collection. They would be more than happy to provide!