Calls as an API User include a string in the 'Authorization' header that is similar to the one used in Customer-level scope, with 3 exceptions:
-
You'll use your API account username instead of customer ID for 'sig_field'.
-
You'll use your API account private key instead of the customer ID for 'sig_field'.
-
You'll need to supply another header value: 'og-authorization'. This tells our system that a user, not a customer, needs to be authenticated, and requires a value of True(case sensitive).
headers = {
'authorization': '{"public_id": "39bkas893740ng49023u0m23049209n2", "ts": 1488466536, "sig_field": "test_user", "sig": "BNobNOMlv3DDv6IXs861hx6WMM/4qP4V18tSYM8mPoQ="}',
'content-type': 'application/json',
'og-authorization': True
}
| key | description | example |
|---|---|---|
| public_id | Public API key for your account (also your merchant ID) | 39bkas893740ng49023u0m23049209n2 |
| ts | Current Unix epoch timestamp | 1488466536 |
| sig_field | API account username | test_api_user |
| sig | Generated HMAC signature | BNobNOMlv3DDv6IXs861hx6WMM/4qP4V18tSYM8mPoQ= |
Hashing Signature Values
Your HMAC signature('sig') is the product of hashing the '<sig_field>|' value. See 'Signature Generation'.
Example Call in API User Scope
import requests
url = 'http://hostname/resource'
headers = {
'authorization': '{"public_id": "39bkas893740ng49023u0m23049209n2", "ts": 1488466536, "sig_field": "test_user", "sig": "BNobNOMlv3DDv6IXs861hx6WMM/4qP4V18tSYM8mPoQ="}',
'content-type': 'application/json',
'og-authorization': True
}
response = requests.get(url, headers=headers)