Making authorized requests

Now we assume that you already had:

  • App Secret Key (You can see your app secret key from the setting page of your app)
  • Shop Domain (or Shop ID) and OAuth Access Token (You got these information from the installation request using the {NONCE-CODE})

Example HTTP Request

GET https://{endpoint-domain}

Required scopes:

Scope Description
orders.collection List all orders

Request headers:

Header Required Description
OAuth-Token true OAuth token received by using NONCE-CODE from the installation request
Hiweb-Secret-Proof true A sha256 hash of OAuth-Token, using your app secret as the key
shop-id false Optional if you send request to, required if you send request to general endpoint

Example of {Hiweb-Secret-Proof} value generated in PHP

$secretProof = hash_hmac('sha256', $accessToken, $appSecret);