White Label Integration
Example study: OpenRice For private label integration, user wouldn’t know that they use Hungry Hub’s product. The third party should send a SIGNATURE to our server for every request
`SIGNATURE = HmacSHA256ToHex(| SECRET | Your API secret. it’s a Doorkeeper app secret |
| TIMESTAMP | Unix timestamp in milliseconds eg. 1545880607433 |
| METHOD | Method (GET, POST, PUT, DELETE , PATCH) of the specific API call |
| PATH | The pathname of the specific API call including version. eg. /api/vendor/v1/xxxx/xxx/xxx.json |
| BODY | The request body in JSON string |
HH server read the SIGNATURE from HTTP Headers
Authorization
TOKEN = <KEY>:<TIMESTAMP>:<SIGNATURE>
| KEY | Your API key. Doorkeeper UID key | |||
| TIMESTAMP | MUST be identical to TIMESTAMP in https://developers.lalamove.com/#authentication-signature | |||
| SIGNATURE | As described in https://developers.lalamove.com/#authentication-signature in lowercase hex (base 16) |
update app/controllers/api/kiosque/v1/base_controller.rb to verify the SIGNATURE before processing the request by on before_action hook
HH server has to create its own signature based on the request data, and compare with SIGNATURE in the TOKEN, reject if the signature is not equal
see build_headers method on app/my_lib/delivery_channel/lalamove.rb file to build the signature
use this code to find doorkeeper application
application = Doorkeeper::Application.find_by(uid: 'xxx')