Handshake protocol in WC1 API ?

nabil.hassoumi

Is there a Handshake protocol that allow mutual
authentication between client and server (encryption of algorithms,
hashing, and exchange of symmetric keys that provide encryption) while using WC1 API ?

Irfan.Khan

Hello @nabil.hassoumi ,

The WC1 API is exposed as a REST/JSON web service so the request and response messages are sent as plain text, encrypted over the wire via HTTPS. The protocol used for authenticating user details at the WC1 server is HTTPS.

The user sends the API key, keyed-hash message authentication code (HMAC-which is calculated using a combination of the request message contents and the API user’s secret key), base64-encoded representation of the HMAC and the current timestamp as request headers over HTTPS in order to successfully authenticate himself to the WC1 API.

Please note the authorization headers should be sent to WC1 for each request as the requests are not session based.

Kindly go through our documentation to know more on how to authenticate your requests to WC1 API. You can download the same from the "download" section of the Developer Community. Once downloaded go the folder where the file has downloaded and navigate to the file "security.html". This is the document that will provide you a detailed information on this topic.

Kindly let me know if you need further help on this.

Thanks,

Irfan Khan