Authentication

Describes authentication-related fields included in the header.

The header of all API requests except Get Browser Token must include svc-api-key, signature, timestamp, and nonce .

The meaning of each field is as follows.

Field Name

Description

How to create a signature

apiSecret is a secret key issued for each registered service(ex> game) of partner.
path means the part of the api path including the query parameter part of the api.
method uses uppercase letters as the http method of the corresponding API.
For timestamp and nonce, use the nonce and timestamp values to be included in the header.
Body and QueryString must be sort by key value Ascending (ASC)

import CryptoJs from "crypto-js";
import sortJson from "sort-json";
import _ from "lodash";

function generateSignature(apiSecret, method, path, timestamp, nonce, body) {
    // Body and QueryStrings must be sort by key value Ascending (ASC) and Stringified JSON
    // Query strings sort by key ASC
    const requestPath = path.split('?')[0];
    const queryStrings = new URLSearchParams(path.split('?')[1]);
    queryStrings.sort();
    
    // Body sort by key ASC
    const params = JSON.stringify(sortJson(body || {}, { ignoreCase: true, reverse: false }));
    // Path Include Query Strings
    // Params Must Stringified JSON
    const apiPath = `${method}${requestPath}${queryStrings.toString().length > 0 ? '?' : ''}${decodeURIComponent(queryStrings.toString()}${nonce}${timestamp}${params}`;

    // Encrypt apiPath By Hmac Sha512
    let hash = CryptoJs.HmacSHA512(apiPath, apiSecret);
    // And Encode By Base64
    return CryptoJs.enc.Base64.stringify(hash);
}

Examples

signature for Mapping Item API

API Request with body and without query string

const signature = generateSignature(
  process.env.API_SECRET,
  'POST',
  '/v1/items',
  Date.now(),
  'bsD3E7ge',
  {
    userId: '123',
    serviceContractId: 1,
    itemCode: '1111',
    itemId: '11',
    itemAttributes: [
      {
        "trait_type": "Base", 
        "value": "Starfish"
      }, 
      {
        "trait_type": "Eyes", 
        "value": "Big"
      }
    ]
  }
);

console.log('signature', signature);

signature for Get Item List API

API Request with query string and without body

const signature = generateSignature(
  process.env.API_SECRET,
  'GET',
  '/v1/items?status=burned&offset=0&limit=20',
  Date.now(),
  'baD3N73B',
  null,
);

console.log('signature', signature);

PreviousOverview NextHTTP Status Code

Last updated 2 years ago

Field Name

Description

How to create a signature

apiSecret is a secret key issued for each registered service(ex> game) of partner.

path means the part of the api path including the query parameter part of the api.

method uses uppercase letters as the http method of the corresponding API.

For timestamp and nonce, use the nonce and timestamp values to be included in the header.

Body and QueryString must be sort by key value Ascending (ASC)

import CryptoJs from "crypto-js";
import sortJson from "sort-json";
import _ from "lodash";

function generateSignature(apiSecret, method, path, timestamp, nonce, body) {
    // Body and QueryStrings must be sort by key value Ascending (ASC) and Stringified JSON
    // Query strings sort by key ASC
    const requestPath = path.split('?')[0];
    const queryStrings = new URLSearchParams(path.split('?')[1]);
    queryStrings.sort();
    
    // Body sort by key ASC
    const params = JSON.stringify(sortJson(body || {}, { ignoreCase: true, reverse: false }));
    // Path Include Query Strings
    // Params Must Stringified JSON
    const apiPath = `${method}${requestPath}${queryStrings.toString().length > 0 ? '?' : ''}${decodeURIComponent(queryStrings.toString()}${nonce}${timestamp}${params}`;

    // Encrypt apiPath By Hmac Sha512
    let hash = CryptoJs.HmacSHA512(apiPath, apiSecret);
    // And Encode By Base64
    return CryptoJs.enc.Base64.stringify(hash);
}

Examples

API Request with body and without query string

const signature = generateSignature(
  process.env.API_SECRET,
  'POST',
  '/v1/items',
  Date.now(),
  'bsD3E7ge',
  {
    userId: '123',
    serviceContractId: 1,
    itemCode: '1111',
    itemId: '11',
    itemAttributes: [
      {
        "trait_type": "Base", 
        "value": "Starfish"
      }, 
      {
        "trait_type": "Eyes", 
        "value": "Big"
      }
    ]
  }
);

console.log('signature', signature);

API Request with query string and without body

const signature = generateSignature(
  process.env.API_SECRET,
  'GET',
  '/v1/items?status=burned&offset=0&limit=20',
  Date.now(),
  'baD3N73B',
  null,
);

console.log('signature', signature);