For all API requests, it is mandatory to format the header as described below:

FieldMandatoryDescription
AcceptYesAPI version, data type and encoding
Accept-LanguageNoInput language. Default value is EN_US
AuthorizationYesSHA256 generated with a secret key to guarantee request authenticity.
Format: store-id:hash
To generate the authorization, besides the store-id, it is required: secret-key, URL Path (e.g. /transactions), URL Query String (e.g. ?initial_date=yyyy-mm-dd) and Content MD5 (the latter only for POST requests).
The hash is generated using hmac-sha256-algorithm (secret-key, (URL Path + URL Query String + Content MD5)).
Content-TypeYesOnly Application/json is accepted

📘

Mandatory when is post request

Header example

GET / HTTP 1.1 Host: api.boacompra.com Accept: en-US Accept-Language: application/vnd.boacompra.com.v1+json; charset=UTF-8 Authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6bc68cac4a60091fa519352289 Content-Type: application/json

Example for POST requests

public class Header { private String secretKey = "ABCDE0987"; private String storeId = "10"; private String contentMD5; private String httpVerb; public Header(String content, String url) throws NoSuchAlgorithmException, MalformedURLException, UnsupportedEncodingException { this.setContentMd5(content); this.setHttpVerb(new URL(url)); } private void setHttpVerb(URL url) { this.httpVerb = url.getPath() + (url.getQuery() != null ? '?' + url.getQuery() : ""); } private void setContentMd5(String content) throws NoSuchAlgorithmException, UnsupportedEncodingException { MessageDigest md = MessageDigest.getInstance("MD5"); byte messageDigest[] = md.digest(content.getBytes("UTF-8")); this.contentMD5 = new BigInteger(1,messageDigest).toString(16); } private String generateAuthorization() throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException { final String data = this.httpVerb+this.contentMD5; Mac mac = Mac.getInstance("HmacSHA256"); mac.init(new SecretKeySpec(this.secretKey.getBytes("UTF8"), "HmacSHA256")); return Hex.encodeHexString(mac.doFinal(data.getBytes("UTF-8"))); } public HashMap<String,String> generateHeader() throws InvalidKeyException, NoSuchAlgorithmException, UnsupportedEncodingException { HashMap<String, String> headers = new HashMap<>(); headers.put("Accept", "application/vnd.boacompra.com.v2+json; charset=UTF-8"); headers.put("Content-Type", "application/json"); headers.put("Authorization", this.storeId+':'+this.generateAuthorization()); return headers; } } String content = "{\"transaction-id\":123456789,\"amount\":10.57,\"notify-url\":\"https://virtualstore.com/notifications\",\"test-mode\":0}"; Header header = new Header(content, "https://api.boacompra.com/boa-compra-end-point"); HashMap<String, String> headerMap = header.generateHeader(); System.out.println(Arrays.asList(headerMap));
class header { private $secretKey = 'ABCDE0987'; private $storeId = 10; public function __construct($content, $url) { $this->setContentMd5($content); $this->setHttpVerb($url); } private function setContentMd5($content) { $this->contentMd5 = md5($content); } private function setHttpVerb($url) { if (parse_url($url, PHP_URL_QUERY)) { $this->httpVerb = parse_url($url, PHP_URL_PATH).'?'.parse_url($url, PHP_URL_QUERY); } else { $this->httpVerb = parse_url($url, PHP_URL_PATH); } } private function generateAuthorization() { return hash_hmac( 'sha256', $this->httpVerb . $this->contentMd5, $this->secretKey ); } public function generateHeader() { $headers = array( 'Accept' => 'application/vnd.boacompra.com.v2+json; charset=UTF-8', 'Content-Type' => 'application/json', 'Authorization' => $this->storeId . ':' . $this->generateAuthorization() ); return $headers; } } echo 'POST EXAMPLE <br />'; $content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}'; $headerPost = new header($content, 'https://api.boacompra.com/boa-compra-end-point'); print_r($headerPost->generateHeader());
require 'uri' require 'openssl' require 'digest/md5' class Header SECRET_KEY = 'ABCDE0987' STORE_ID = 10 attr_reader :contentMD5, :httpVerb def initialize(content, url) setContentMD5(content) setHttpVerb(url) end private def setContentMD5(content) @contentMD5 = Digest::MD5.hexdigest(content).to_s end private def getQueryString(url) uri = URI(url) url.to_s.empty? || uri.query.nil? ? '' : '?' + uri.query end private def setHttpVerb(url) uri = URI::parse(url) @httpVerb = getQueryString(url).to_s.empty? ? uri.path : uri.path + "?" + getQueryString(url) end private def generateAuthorization() OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), SECRET_KEY, @httpVerb + @contentMD5) end public def generateHeader() headers = { "Accept" => 'application/vnd.boacompra.com.v2+json; charset=UTF-8', "Content-Type" => 'application/json', "Authorization" => STORE_ID.to_s + ":" + generateAuthorization() } headers end end puts '<pre>POST EXAMPLE <br />' content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}'; headerGet = Header.new(content, 'https://api.boacompra.com/boa-compra-end-point') puts headerGet.generateHeader()
"""Python 2.7""" from urlparse import urlparse import hashlib import hmac import md5 class Header: __secretKey = '123' __storeId = 10 def __init__(self, content, url): self.__setHttpVerb(url) self.__setContentMd5(content) def __setHttpVerb(self, url): urlParsed = urlparse(url) self.__httpVerb = urlParsed.path + urlParsed.query def __setContentMd5(self, content): self.__contentMd5 = md5.new(content).hexdigest() def __generateAuthorization(self): return hmac.new( self.__secretKey, self.__httpVerb + self.__contentMd5, hashlib.sha256 ).hexdigest() def generateHeader(self): return { 'Accept': 'application/vnd.boacompra.com.v2+json; charset=UTF-8', 'Content-Type': 'application/json', 'Authorization': str(self.__storeId) + ':' + self.__generateAuthorization() } from Header import Header content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}' url = 'https://api.boacompra.com/boa-compra-end-point' a = Header(content, url) print a.generateHeader()
"""Python 3.x""" from urllib.parse import urlparse import hashlib import hmac class Header: __secretKey = '123' __storeId = 10 def __init__(self, content, url): self.__setHttpVerb(url) self.__setContentMd5(content) def __setHttpVerb(self, url): urlParsed = urlparse(url) self.__httpVerb = urlParsed.path + urlParsed.query def __setContentMd5(self, content): self.__contentMd5 = hashlib.md5(content.encode()).hexdigest() def __generateAuthorization(self): authContent = self.__httpVerb + self.__contentMd5 return hmac.new( self.__secretKey.encode(), authContent.encode(), hashlib.sha256 ).hexdigest() def generateHeader(self): return { 'Accept': 'application/vnd.boacompra.com.v2+json; charset=UTF-8', 'Content-Type': 'application/json', 'Authorization': str(self.__storeId) + ':' + self.__generateAuthorization() } from Header import Header content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}' url = 'https://api.boacompra.com/boa-compra-end-point' a = Header(content, url) print(a.generateHeader())

Errors

Authorization Header

CodeKeyDescription
10001header_authorization_missingMissing header Authorization in request
10002header_authorization_bad_formatAuthorization header bad formation
10003header_authorization_invalidAuthorization header error

Accept Header

CodeKeyDescription
10201header_accept_missingMissing header Accept in request
10202header_accept_application_missingMissing Application on header Accept
10203header_accept_bad_formatHeader Accept with bad format
10204header_accept_format_missingMissing Format on header Accept
10205header_accept_charset_missingMissing Charset on header Accept
10206header_accept_application_invalidInvalid Application on Accept Header
10207header_accept_format_invalidInvalid Format on Accept Header
10208header_accept_charset_invalidInvalid Charset on Accept Header
10209header_accept_version_invalidInvalid Version on Accept Header

Content-Type Header

CodeKeyDescription
10301header_contenttype_missingMissing header Content-Type in request
10302header_contenttype_not_acceptedContent-Type is not accepted

Accept Language

CodeKeyDescription
10401header_language_not_acceptedLanguage not accepted

Did this page help you?