Playdapp Developers V2
  • Introduction
  • Prerequisites
  • QuickStart
  • API Guide
    • Overview
    • Authentication
    • HTTP Status Code
    • Diagrams
      • Basic
      • Shop in Shop
  • API Reference
    • APIs Overview
    • Basic
    • Shop in Shop
      • Base
      • P2E
Powered by GitBook
On this page
  • How to create a signature
  • Examples
  • signature for Mapping Item API
  • signature for Get Item List API
  1. API Guide

Authentication

Describes authentication-related fields included in the header.

PreviousOverviewNextHTTP Status Code

Last updated 2 years ago

The header of all API requests except must include svc-api-key, signature, timestamp, and nonce .

The meaning of each field is as follows.

Field Name
Description

svc-api-key

svc-api-key is issued for each registered service(ex> game) of partner.

signature

The result of an API request signed by a secret key issued per registered service(ex> game) of partner.

timestamp

The time at which the request was sent, set to a Unix Epoch Timestamp with milliseconds value. Ex) 1663817250538

nonce

Random string of 8 characters, composed of uppercase or lowercase alphabets and numbers.

A nonce can't be reused within 20 seconds after the successful request.

How to create a signature

  • apiSecret is a secret key issued for each registered service(ex> game) of partner.

  • path means the part of the api path including the query parameter part of the api.

  • method uses uppercase letters as the http method of the corresponding API.

  • For timestamp and nonce, use the nonce and timestamp values to be included in the header.

  • Body and QueryString must be sort by key value Ascending (ASC)

import CryptoJs from "crypto-js";
import sortJson from "sort-json";
import _ from "lodash";

function generateSignature(apiSecret, method, path, timestamp, nonce, body) {
    // Body and QueryStrings must be sort by key value Ascending (ASC) and Stringified JSON
    // Query strings sort by key ASC
    const requestPath = path.split('?')[0];
    const queryStrings = new URLSearchParams(path.split('?')[1]);
    queryStrings.sort();
    
    // Body sort by key ASC
    const params = JSON.stringify(sortJson(body || {}, { ignoreCase: true, reverse: false }));
    // Path Include Query Strings
    // Params Must Stringified JSON
    const apiPath = `${method}${requestPath}${queryStrings.toString().length > 0 ? '?' : ''}${decodeURIComponent(queryStrings.toString()}${nonce}${timestamp}${params}`;

    // Encrypt apiPath By Hmac Sha512
    let hash = CryptoJs.HmacSHA512(apiPath, apiSecret);
    // And Encode By Base64
    return CryptoJs.enc.Base64.stringify(hash);
}

Examples

API Request with body and without query string

const signature = generateSignature(
  process.env.API_SECRET,
  'POST',
  '/v1/items',
  Date.now(),
  'bsD3E7ge',
  {
    userId: '123',
    serviceContractId: 1,
    itemCode: '1111',
    itemId: '11',
    itemAttributes: [
      {
        "trait_type": "Base", 
        "value": "Starfish"
      }, 
      {
        "trait_type": "Eyes", 
        "value": "Big"
      }
    ]
  }
);

console.log('signature', signature);

API Request with query string and without body

const signature = generateSignature(
  process.env.API_SECRET,
  'GET',
  '/v1/items?status=burned&offset=0&limit=20',
  Date.now(),
  'baD3N73B',
  null,
);

console.log('signature', signature);

signature for

signature for

Get Browser Token
Mapping Item API
Get Item List API