Dokumentation Entwickler API


Aktualisiert am 16.03.2017

Client authentication

Consider, you received an api-key and a secret key from VersaCommerce:

  • api-key: 546fe50eeeed7205cd6fd97cda7c646cf2b96207
  • secret: c1f0ea1fe65be873c8a62a10485cc58b250ab74e

1. Request to get the token

If you need to get the token as XML instead of a HTTP redirect:

VersaCommerce will respond to your request with a redirection (here we use "") or XML outpout with a token ("t") arameter.

Your App should now memorize this token, because you will need it to compute the password. The password is always a MD5 hash, built from a string, composed of the secret and the token.

password = md5(secret+token)

2. Example in Ruby

  • secret: c1f0ea1fe65be873c8a62a10485cc58b250ab74e
  • token: 66f3a04b

password = Digest::MD5.hexdigest("c1f0ea1fe65be873c8a62a10485cc58b250ab74e" + "66f3a04b")
=> dccd1e9d50d45133f14d6effc727020c

3. Build the authenticated requests

Now you can build the authenticated requests to your shop's API with the api-key and the computed password as authorization parameters:

http://api_key:password @

See this example:

http://546fe50eeeed7205cd6fd97cda7c646cf2b96207:6719b9661a086ebba81d69401f9e7ed9 @

To get the last 3 orders from your store, you would fire up the request with curl like this:

$ curl -H 'Accept: application/xml' -H 'Content-Type: application/xml' \
-u 546fe50eeeed7205cd6fd97cda7c646cf2b96207:dccd1e9d50d45133f14d6effc727020c \