Authentication

Describes authentication-related fields included in the header.

The header of all API requests except Get Browser Token must include svc-api-key, signature, timestamp, and nonce .

The meaning of each field is as follows.

Field Name

Description

svc-api-key

svc-api-key is issued for each registered service(ex> game) of partner.

signature

The result of an API request signed by a secret key issued per registered service(ex> game) of partner.

timestamp

The time at which the request was sent, set to a Unix Epoch Timestamp with milliseconds value. Ex) 1663817250538

nonce

Random string of 8 characters, composed of uppercase or lowercase alphabets and numbers.

A nonce can't be reused within 20 seconds after the successful request.

How to create a signature

apiSecret is a secret key issued for each registered service(ex> game) of partner.
path means the part of the api path including the query parameter part of the api.
method uses uppercase letters as the http method of the corresponding API.
For timestamp and nonce, use the nonce and timestamp values to be included in the header.
Body and QueryString must be sort by key value Ascending (ASC)

import CryptoJs from "crypto-js";
import sortJson from "sort-json";
import _ from "lodash";

function generateSignature(apiSecret, method, path, timestamp, nonce, body) {
    // Body and QueryStrings must be sort by key value Ascending (ASC) and Stringified JSON
    // Query strings sort by key ASC
    const requestPath = path.split('?')[0];
    const queryStrings = new URLSearchParams(path.split('?')[1]);
    queryStrings.sort();
    
    // Body sort by key ASC
    const params = JSON.stringify(sortJson(body || {}, { ignoreCase: true, reverse: false }));
    // Path Include Query Strings
    // Params Must Stringified JSON
    const apiPath = `${method}${requestPath}${queryStrings.toString().length > 0 ? '?' : ''}${decodeURIComponent(queryStrings.toString()}${nonce}${timestamp}${params}`;

    // Encrypt apiPath By Hmac Sha512
    let hash = CryptoJs.HmacSHA512(apiPath, apiSecret);
    // And Encode By Base64
    return CryptoJs.enc.Base64.stringify(hash);
}

Examples

signature for Mapping Item API

API Request with body and without query string

const signature = generateSignature(
  process.env.API_SECRET,
  'POST',
  '/v1/items',
  Date.now(),
  'bsD3E7ge',
  {
    userId: '123',
    serviceContractId: 1,
    itemCode: '1111',
    itemId: '11',
    itemAttributes: [
      {
        "trait_type": "Base", 
        "value": "Starfish"
      }, 
      {
        "trait_type": "Eyes", 
        "value": "Big"
      }
    ]
  }
);

console.log('signature', signature);

signature for Get Item List API

API Request with query string and without body

const signature = generateSignature(
  process.env.API_SECRET,
  'GET',
  '/v1/items?status=burned&offset=0&limit=20',
  Date.now(),
  'baD3N73B',
  null,
);

console.log('signature', signature);

PreviousOverview NextHTTP Status Code

Last updated 3 years ago