API Authentication
How the CYBAVO SOFA system validates client requests.
The CYBAVO SOFA system verifies all incoming requests. Every request must include the X-API-CODE and X-CHECKSUM headers; otherwise the caller receives a 403 Forbidden error.
How to make a correct request?
- Put the API code in the X-API-CODE header.
  - Using an inactivated API code in any request activates it automatically. Once it is activated, the API code that was active before it immediately becomes invalid.
  - Alternatively, you can explicitly call the activation API to activate the API code before use.
- Calculate the checksum with the corresponding API secret and put the checksum in the X-CHECKSUM header.
  - The checksum calculation uses all the query parameters, the current timestamp, a user-defined random string and the POST body (if any).
  - Please refer to the code snippet in the GitHub project to learn how to calculate the checksum.
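
The following is an added sketch, not code from CYBAVO or its GitHub project, of how a checksum over these inputs can be built by the caller and re-checked by the receiver. The SHA-256 construction, the `t` and `r` query names, the 300-second window, the replay cache and all sample values are assumptions for illustration; the project's own snippet is authoritative for the real format.

```python
import hashlib
import hmac
import secrets
import time

MAX_SKEW = 300  # assumed freshness window in seconds (not from the page)


def build_checksum(params, secret, timestamp, nonce, body=""):
    """Assumed construction: SHA-256 over the sorted parts, secret appended last."""
    parts = [f"{k}={v}" for k, v in params.items()]
    parts += [f"t={timestamp}", f"r={nonce}"]
    if body:
        parts.append(body)
    parts.sort()
    parts.append(f"secret={secret}")
    return hashlib.sha256("&".join(parts).encode("utf-8")).hexdigest()


def sign_request(api_code, secret, params, body="", now=None):
    """Client side: return (headers, query); t and r are sent as query parameters."""
    timestamp = int(time.time() if now is None else now)
    nonce = secrets.token_hex(4)  # the user-defined random string
    checksum = build_checksum(params, secret, timestamp, nonce, body)
    headers = {"X-API-CODE": api_code, "X-CHECKSUM": checksum}
    return headers, {**params, "t": str(timestamp), "r": nonce}


def verify_request(headers, query, body, secret_for_code, seen, now):
    """Receiving side: return the HTTP status; every failure maps to 403 here."""
    code, checksum = headers.get("X-API-CODE"), headers.get("X-CHECKSUM")
    if not code or not checksum or code not in secret_for_code:
        return 403  # missing header or unknown API code
    query = dict(query)
    try:
        timestamp, nonce = int(query.pop("t")), query.pop("r")
    except (KeyError, ValueError):
        return 403
    if abs(now - timestamp) > MAX_SKEW or (code, nonce) in seen:
        return 403  # stale timestamp or replayed random string
    expected = build_checksum(query, secret_for_code[code], timestamp, nonce, body)
    if not hmac.compare_digest(expected.encode(), checksum.encode()):
        return 403  # parameters, body or secret do not match
    seen.add((code, nonce))
    return 200
```

Because the timestamp and random string are part of the hashed input, a captured request cannot be replayed with a fresh timestamp without knowing the API secret.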