JSON API
Authentication
7 min
all calls to the indexing api are authenticated by signing the request using hmac with sha384 as the hash function your rest api key is used to calculate the signature the signature must be calculated as described on this page how to calculate the signature to calculate a signature for your request implement the following algorithm in your application algorithm determine the following information about your request http method used, e g " put " url path, e g " /v2/batch " query string, e g " test=1 " secured headers, in order x klevu timestamp, e g " 2023 06 19t00 00 00 000z " ⚠️ the timestamp validation window is set to 20 minutes timestamp values provided by the merchant will be considered valid if they fall within a range of 10 minutes in the past and 10 minutes in the future x klevu apikey, e g "klevu 1234567890" x klevu auth algo, e g " hmacsha384 " this must match exactly including case content type, e g " application/json " request body, e g " {} " this must be the exact request body that will be sent to the api construct a string containing \<method> \<url path> \<query string> \<secured headers one per line, these are case sensitive> \<request body> for example, using the data from above put /v2/batch test=1 x klevu timestamp=2023 06 19t00 00 00 000z x klevu apikey=klevu 1234567890 x klevu auth algo=hmacsha384 content type=application/json {} in the previous example, note the case of the header keys as well as the data the x klevu header keys are expected in upper case and "content type" must match as well calculate the binary signature bytes using the hmac algorithm with sha384 as the hash function use your rest api key as the secret signaturebytes = hmac(sha384, constructedstring, secret) next base64 encode the byte to get your signature signature = base64encode(signaturebytes) set the authorization header on your request to "bearer \<signature>" substitute the content of the signature variable in place of "\<signature>" for this example, the full request would be request url https //indexing api ksearchnet com/v2/batch?test=1 request method put headers x klevu timestamp=2023 06 19t00 00 00 000z x klevu apikey=klevu 1234567890 x klevu auth algo=hmacsha384 content type=application/json request body {} sample postman collection for hmac generation in batch requests included below is a sample postman collection demonstrating the process of generating hmac signatures for batch requests of records https //archbee doc uploads s3 amazonaws com/816 4egyzqxallijmlcbn/3xsnd9dpnr5kykpq83m 6 klevu data indexing json apis json the above file comprises a sample batch request upon importing the collection, you'll find a pre request script that dynamically generates a signature tailored to the submitted request within this batch request, a sample category record is included https //archbee doc uploads s3 amazonaws com/mxgehm xwg9knllkkrd64 d vezjdpgnm0lrejlu9sm 20241107 124331 json this file lists the environment variables necessary for signature generation upon import, we recommend updating the values for the following variables apikey and restauthkey with your respective js api key and rest api key for guidance on obtaining api keys, please refer to this article
