Making authorized requests

Now we assume that you already had:

  • App Secret Key (You can see your app secret key from the setting page of your app)
  • Shop Domain (or Shop ID) and OAuth Access Token (You got these information from the installation request using the {NONCE-CODE})

Example HTTP Request

GET https://{endpoint-domain}.hiweb.io/api/orders

Required scopes:

Scope Description
orders.collection List all orders

Request headers:

Header Required Description
OAuth-Token true OAuth token received by using NONCE-CODE from the installation request
Hiweb-Secret-Proof true A sha256 hash of OAuth-Token, using your app secret as the key
shop-id false Optional if you send request to shop-domain.hiweb.io, required if you send request to general endpoint api.hiweb.io

Example of {Hiweb-Secret-Proof} value generated in PHP

<?php
$secretProof = hash_hmac('sha256', $accessToken, $appSecret);