4 posts / 0 new
Last post
alonraskin3139
HMAC calculation for HTTP GET call (Partner Reporting)

Hi,

I am currently doing a HTTP POST call to tokenize a credit card and it works great. The HMAC code seems to work fine.

However,

I would also, at a different point in the code, would like to call the Partner Reporting API or the EVENT API. I use the same algorithm to calculate the HMAC but I keep getting a HMAC Validation Failure error.

The only differences I can see is that this is a HTTP GET rather then a HTTP POST.

1. What is the payload that we pass into the HMAC calculation. Since it is a GET, there are no body parameters. Do we pass in a {} to the algorithm? To be honest I have tried it with both passing in the URL parameters and without and the HMAC validation fails either way.

2. Perhaps you have some hints on how to calculate the HMAC on a GET call?

3. On a related note, I noticed, under my API keys that there is something REPORTING TOKEN. However, I can not find any information on this value? Is it supposed to be used in this call?

Any hints/tips would be appreciated.


alonraskin3139
Re: HMAC calculation for HTTP GET call (Partner Reporting)

Hello? Anybody? Bueller... Bueller.. :-)


rohitrajagopal3538
Re: HMAC calculation for HTTP GET call (Partner Reporting)

1. For a GET request that requires HMAC, you will pass a blank string to the calculation. Basically, you will define the Payload variable as a blank string, shown below in PHP and .NET:

PHP

jsonPayload = "";

.NET

string jsonPayload = “”;

2. Other than defining the Payload variable as a blank string, there is no difference between generating an HMAC for a GET or POST transaction.

3. The Reporting Token is a Legacy value that is no longer used in the current version of the API, but may be of use to Developers that have coded to an older version of the API. You can safely ignore this value in the Developer Portal.

Regards,

Payeezy team


alonraskin3139
Re: HMAC calculation for HTTP GET call (Partner Reporting)

Thanks that did the trick. By not passing in anything I was able to make a successful call to the end point.