Authorization

To communicate with the Checkout API, an Authorization header must be generated and appended to each request. Follow the guide below to generate such authorization headers.

Algorithm

To generate the authorization header, concatenate the string "SharedKey " with the base64 encoded value of your userName and the SHA-256 hash of the request_body, path and the shared_access_key.

"SharedKey " + base64({userName} + ":" + sha256({request_body} + {path} + {shared_access_key}))

The algorithm above explains how to generate the authorization header value, where:

Please note

The formatting of the JSON body such as line breaks and whitespace will have an effect on the authorization header value. Any change in formatting will therefore affect the resulting authorization header value.

Examples on GitHub

Examples on how to authorize with our API can be found here: https://github.com/collector-bank/checkout-examples

JS Fiddle examples

An example illustrating how the authorization header value may be calculated using JavaScript can be found here: https://jsfiddle.net/wmLg1s35/12/

The same example for a GET request, where the request body is simply omitted, can be found here: https://jsfiddle.net/te2n8bqe/

Examples

/*
JavaScript example of how to generate the authorization header value.
Requires the CryptoJS library to be loaded on the page (provides CryptoJS.SHA256).
*/
var username = "myUsername";
var path = "/checkout";
var sharedAccessKey = "mySharedKey";
// Note: blank spaces and line breaks have been formatted in this example for readability. This will have an impact on the hashed result.
var requestBody = {
  storeId: 123,
  countryCode: "SE",
  reference: "123456789",
  notificationUri: "http://your-backend-api-notification-uri.com",
  redirectPageUri: "http://your-purchase-completed-confirmation-page.com",
  merchantTermsUri: "http://your-merchant-purchase-terms.com",
  cart: {
    items: [
      {
        id: "1",
        description: "Some product",
        unitPrice: 200,
        quantity: 1,
        vat: 20,
        requiresElectronicId: true,
        sku: "a unique alphanumeric code for article identification",
      },
    ],
  },
};
// The hash must be computed over the body as a string, exactly as it is sent.
// Concatenating the object directly would hash the text "[object Object]".
var requestBodyString = JSON.stringify(requestBody);
// CryptoJS.SHA256 returns a WordArray; string concatenation converts it to lowercase hex.
var hash =
  username + ":" + CryptoJS.SHA256(requestBodyString + path + sharedAccessKey);
var key = "SharedKey " + btoa(hash); // btoa = base64 encode
console.log(key);
// Should be SharedKey bXlVc2VybmFtZTpmNTJiYzE3YmIyNWFmOWYzMzVlY2M2MjhjOWY0N2RiNGMwNTdmY2ZhYmVlYzRjM2Y0ZDRiMjRiMTU2N2QwYWNk
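
The formatting note and the GET case described above, as an added Node.js example (not taken from Collector's documentation or repositories): the body is serialized once, that exact string is signed and sent, and a re-formatted copy of the same JSON no longer matches the header. UTF-8 encoding, the helper names (sharedKeyHeader, signedRequest, headerMatches) and the sample values are assumptions made for illustration.

```javascript
// Added example (Node.js built-ins only). Assumes all inputs are UTF-8 text.
const crypto = require("node:crypto");

// "SharedKey " + base64(userName + ":" + sha256(body + path + sharedAccessKey)).
// `body` must be the exact string sent on the wire; it is "" for a GET request.
function sharedKeyHeader(userName, sharedAccessKey, path, body = "") {
  const digest = crypto
    .createHash("sha256")
    .update(body + path + sharedAccessKey, "utf8")
    .digest("hex"); // lowercase hex, like CryptoJS.SHA256(...).toString()
  return "SharedKey " + Buffer.from(userName + ":" + digest, "utf8").toString("base64");
}

// Serialize once, sign that string, and send that same string unchanged.
function signedRequest(userName, sharedAccessKey, method, path, payload) {
  const body = payload === undefined ? "" : JSON.stringify(payload);
  return {
    method,
    path,
    headers: { Authorization: sharedKeyHeader(userName, sharedAccessKey, path, body) },
    body,
  };
}

// Hypothetical receiver-side check, used here only to show how a mismatch surfaces.
// Recomputes the header over the received body and compares in constant time.
function headerMatches(header, userName, sharedAccessKey, path, receivedBody) {
  const expected = Buffer.from(sharedKeyHeader(userName, sharedAccessKey, path, receivedBody));
  const actual = Buffer.from(String(header));
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Constructed sample values (not real credentials).
const USER = "myUsername";
const KEY = "mySharedKey";
const payload = { storeId: 123, countryCode: "SE", reference: "123456789" };

const post = signedRequest(USER, KEY, "POST", "/checkout", payload);
const get = signedRequest(USER, KEY, "GET", "/checkout"); // body omitted
const reformatted = JSON.stringify(payload, null, 2); // same JSON, different whitespace

console.log(post.headers.Authorization);
console.log("sent body matches:",
  headerMatches(post.headers.Authorization, USER, KEY, "/checkout", post.body));
console.log("reformatted body matches:",
  headerMatches(post.headers.Authorization, USER, KEY, "/checkout", reformatted));
```

If an HTTP client or middleware re-serializes the JSON after signing, the header has to be computed from the string that client actually transmits.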