Lerne, wie VersaCommerce funktioniert


Client authentication

Consider, you received an api-key and a secret key from VersaCommerce:

  • api-key: 546fe50eeeed7205cd6fd97cda7c646cf2b96207
  • secret: c1f0ea1fe65be873c8a62a10485cc58b250ab74e

1. Request to get the token:


If you need to get the token as XML instead of a HTTP redirect:


VersaCommerce will respond to your request with a redirection (here we use „http://app.your-domain.com/login/finalize?t=7cda7c646c”) or XML outpout with a token („t”) parameter.


Your App should now memorize this token, because you will need it to compute the password. The password is always a MD5 hash, built from a string, composed of the secret and the token.

password = md5(secret+token)

2. Example in Ruby

  • secret : “c1f0ea1fe65be873c8a62a10485cc58b250ab74e”
  • token : “66f3a04b”

password = Digest::MD5.hexdigest(“c1f0ea1fe65be873c8a62a10485cc58b250ab74e” + “66f3a04b”)
=> “dccd1e9d50d45133f14d6effc727020c”

3. Build the authenticated requests

Now you can build the authenticated requests to your shop´s API with the api-key and the computed password as authorization parameters:

http://api_key:password @ your-store.versacommerce.de/api/any-resource.xml

See this example:

http://546fe50eeeed7205cd6fd97cda7c646cf2b96207:6719b9661a086ebba81d69401f9e7ed9 @ your-store.versacommerce.de/api/orders.xml?limit=3

To get the last 3 orders from your store, you would fire up the request with curl like this:

$ curl -H 'Accept: application/xml' -H 'Content-Type: application/xml' \
-u 546fe50eeeed7205cd6fd97cda7c646cf2b96207:dccd1e9d50d45133f14d6effc727020c \