Authorize QR Code Transaction Signing
The Authorize Transaction Signing function verifies the user’s username with the QR code, together with the transaction ID and details.
Below is the URL to access the API functions:
POST /v2/CentagateWS/webresources/auth/authQRCode
Parameters
Parameters | Occurrence | Descriptions |
---|---|---|
username | Required | Registered Username in CENTAGATE Cloud |
devAccId | Required | The selected device account id |
otp | Required | The OTP generated based on the QR code |
challenge | Required | The OTP challenge |
details | Required | The transaction information based on requested QR code encoded using Base64.
Format:
-
Alternatively, the information is returned as plainText during QR code request. |
authToken | Optional | The previously generated authToken. |
integrationKey | Required | Integration Key Of The App That The User Wants To Authenticate |
unixTimestamp | Required | Current Time In Unixtimestamp |
supportFido | Optional | FIDO Authentication Option, Pass True To Enable And False To Disable. Or Leave It Empty |
ipAddress | Optional | IP Address From Where The Authentication Request Is Originated. |
userAgent | Optional | Platform Information From Which The Authentication Request Is Made. |
browserFp | Optional | Browser Fingerprint |
transactionValue | Required | The transaction values. |
isTransaction | Required | This value should be “1”. |
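HMAC | Required | Hmac Generated From Combination (username + devAccId + otp + challenge + details + authToken + userAgent + integrationKey + supportFido + browserFp + unixTimeStamp + ipAddress) Using Secretkey (Can Be Obtained From The App Page) As The Key. Note: the sample code below concatenates the same fields in a different order (username + devAccId + otp + challenge + details + authToken + integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp) and sends the result in the JSON field "hmac"; the HMAC only validates if the order matches the server's, so confirm which order your deployment expects. |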
Sample Code
Below are some source code examples for accessing the API function:
Java
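/**
 * Sample client for POST /v2/CentagateWS/webresources/auth/authQRCode.
 *
 * Builds the request fields, signs them with HMAC-SHA256 and posts them as JSON.
 * Every quoted value below is a placeholder to be replaced with real data.
 *
 * @param args unused
 * @throws Exception if the HMAC cannot be computed (convertHmacSha256 declares checked
 *                   exceptions, so main must declare them to compile) or the response
 *                   is empty or not JSON
 */
public static void main(String[] args) throws Exception {
    ClientConfig config = new DefaultClientConfig();
    Client client = Client.create(config);
    WebResource service = client.resource("https://<domain_name>/v2/CentagateWS/webresources");
    Gson gson = new Gson();

    // The secret key authenticates this application to the server: keep it in server-side
    // configuration and never ship it to a browser or mobile client.
    String secretKey = "secretkey";

    String username = "username";
    String devAccId = "devAccId";
    String otp = "otp";
    String challenge = "challenge";
    String details = "details";
    String authToken = "authToken";
    String integrationKey = "integrationKey";
    // Current time in seconds, as the Node.js and PHP samples on this page compute it.
    String unixTimestamp = String.valueOf(System.currentTimeMillis() / 1000L);
    String supportFido = "supportFido";
    String ipAddress = "ipAddress";
    String userAgent = "userAgent";
    String browserFp = "browserFp";
    String transactionValue = "transactionValue";

    // The signed values and the posted values come from the same variables, so the HMAC
    // always matches the request body.
    // NOTE(review): the parameter table lists these fields in a different order; the order
    //   here is the one all three samples use. Confirm which one the server expects.
    // NOTE(review): as documented, transactionValue and isTransaction are not part of the
    //   HMAC input, so the HMAC does not protect them; verify this with the vendor.
    String hmac = convertHmacSha256(secretKey,
            username + devAccId + otp + challenge + details + authToken + integrationKey
                    + unixTimestamp + supportFido + ipAddress + userAgent + browserFp);

    HashMap<String, String> map = new HashMap<String, String>();
    map.put("username", username);
    map.put("devAccId", devAccId);
    map.put("otp", otp);
    map.put("challenge", challenge);
    map.put("details", details);
    map.put("authToken", authToken);
    map.put("integrationKey", integrationKey);
    map.put("unixTimestamp", unixTimestamp);
    map.put("ipAddress", ipAddress);
    map.put("userAgent", userAgent);
    map.put("browserFp", browserFp);
    map.put("supportFido", supportFido);
    map.put("transactionValue", transactionValue);
    map.put("isTransaction", "1");
    map.put("hmac", hmac);

    ClientResponse response = service.path("auth").path("authQRCode")
            .accept(MediaType.APPLICATION_JSON)
            .post(ClientResponse.class, gson.toJson(map));
    String retJson = response.getEntity(String.class);

    @SuppressWarnings("unchecked")
    HashMap<String, Object> returnData = (HashMap<String, Object>) gson.fromJson(retJson, HashMap.class);
    if (returnData == null) {
        // An empty body must not be mistaken for a successful authorization.
        throw new IllegalStateException("Empty or non-JSON response from authQRCode");
    }

    // String.valueOf tolerates a missing field, where calling toString() on null would throw.
    // The Node.js and PHP samples on this page treat code 0 as success; callers should treat
    // any other value, including a missing code, as a failed authorization.
    String code = String.valueOf(returnData.get("code"));
    String message = String.valueOf(returnData.get("message"));
    String object = String.valueOf(returnData.get("object"));
}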
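/**
 * Computes the HMAC-SHA256 of {@code params} keyed with {@code secretKey}.
 *
 * Both strings are converted to bytes with StringUtils.getBytesUtf8 and the MAC is returned
 * through Hex.encodeHexString (presumably the Apache Commons Codec helpers; confirm against
 * the file's imports).
 *
 * Exceptions now propagate unchanged. The earlier catch blocks only re-wrapped each exception
 * in a new instance of the same type, which added a layer to the stack trace and turned
 * unchecked exceptions into a bare checked Exception. The throws clause is kept as it was so
 * existing callers compile unchanged.
 *
 * @param secretKey shared secret used as the HMAC key; keep it in server-side configuration
 * @param params    concatenated request fields to authenticate
 * @return the MAC as a hex string
 * @throws NoSuchAlgorithmException if the runtime provides no HmacSHA256 implementation
 * @throws InvalidKeyException      if the key is rejected by Mac.init
 */
public static String convertHmacSha256(String secretKey, String params) throws NoSuchAlgorithmException,
        InvalidKeyException, IllegalStateException, SignatureException, NoSuchProviderException, Exception
{
    final SecretKeySpec secret_key = new SecretKeySpec(StringUtils.getBytesUtf8(secretKey), "HmacSHA256");
    final Mac mac = Mac.getInstance("HmacSHA256");
    mac.init(secret_key);
    final byte[] bytes = mac.doFinal(StringUtils.getBytesUtf8(params));
    return Hex.encodeHexString(bytes);
}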
Node Js
const https = require('https')
var crypto = require('crypto');
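// Request fields. Every '<...>' value is a placeholder to be replaced with real data.
const username = '<username>';
const devAccId = '<devAccId>';
const otp = '<otp>';
const challenge = '<challenge>';
const details = '<details>';
const integrationKey = '<integrationKey>';
const transactionValue = '<transactionValue>';
const isTransaction = '1';

// Current time in whole seconds; floor so the timestamp is never ahead of the clock.
const time = Math.floor(Date.now() / 1000);
const unixTimestamp = time.toString();

const authToken = '<authToken>';
const supportFido = '<supportFido>';
const ipAddress = '<ipAddress>';
const userAgent = '<userAgent>';
const browserFp = '<browserFp>';

// The secret key authenticates this application to the server: load it from server-side
// configuration and never ship it to a browser or mobile client.
const secretKey = '<secret key>';

// NOTE(review): the parameter table lists these fields in a different order; the order here
//   is the one all three samples use. Confirm which one the server expects.
// NOTE(review): as documented, transactionValue and isTransaction are not part of the HMAC
//   input, so the HMAC does not protect them; verify this with the vendor.
const hmacText =
  username + devAccId + otp + challenge + details + authToken +
  integrationKey + unixTimestamp + supportFido + ipAddress + userAgent + browserFp;

/* generate hmac value */
// The algorithm name must be the string 'sha256'; the bare identifier sha256 is undefined
// and throws a ReferenceError before any request is sent.
const hmac = crypto.createHmac('sha256', secretKey);
hmac.update(hmacText);
const hash = hmac.digest('hex');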
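// JSON request body for authQRCode. The fields follow the parameter table and the Java and
// PHP samples on this page. The earlier version sent signature / algorithm / plainText, which
// are not parameters of this endpoint and are not defined in this script, and it omitted the
// required devAccId, otp, challenge and details fields.
const data = JSON.stringify({
  username,
  devAccId,
  otp,
  challenge,
  details,
  authToken,
  integrationKey,
  unixTimestamp,
  ipAddress,
  supportFido,
  userAgent,
  browserFp,
  transactionValue,
  isTransaction,
  hmac: hash,
});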
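// HTTPS endpoint of the authQRCode function; '<domain_name>' is a placeholder.
const options = {
  hostname: '<domain_name>',
  port: 443,
  path: '/v2/CentagateWS/webresources/auth/authQRCode',
  method: 'POST',
  headers: {
    Accept: 'application/json',
    'Content-Type': 'application/json',
  },
};

const req = https.request(options, (res) => {
  console.log(`HTTP Status Code: ${res.statusCode}`);

  // Decode as UTF-8 so a multi-byte character split across chunks is not corrupted.
  res.setEncoding('utf8');
  let body = '';
  res.on('data', (chunk) => {
    body += chunk;
  });

  // Parse only once the whole body has arrived: a response delivered in several chunks is
  // not valid JSON until the last one, so parsing inside 'data' can throw.
  res.on('end', () => {
    let parsed;
    try {
      parsed = JSON.parse(body);
    } catch (err) {
      // A non-JSON body (for example a proxy error page) is a failure, never a success.
      console.error(`Authentication Fail, response was not valid JSON: ${err.message}`);
      return;
    }

    // Fail closed: only an explicit code of 0 (number or string) counts as success.
    if (String(parsed?.code) === '0') {
      console.log('Authentication Succeed');
      console.log('Response:');
      // NOTE(review): the response may carry session material such as an authToken; avoid
      //   logging the full body outside of a sample or test environment.
      console.log(body);
    } else {
      console.log(`Authentication Fail, Message:${parsed?.message}`);
      console.log(`Code:${parsed?.code}`);
    }
  });
});

// Event names are case-sensitive: 'ERROR' never fires, which leaves connection failures
// unhandled and crashes the process.
req.on('error', (error) => {
  console.error(error);
});

req.write(data);
req.end();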
PHP
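<?php
// Sample client for POST /v2/CentagateWS/webresources/auth/authQRCode.
// Every "<...>" value is a placeholder to be replaced with real data.
$url = 'https://<domain_name>/v2/CentagateWS/webresources/auth/authQRCode';
$ch = curl_init($url);

// The secret key authenticates this application to the server: load it from server-side
// configuration and never expose it to the browser.
$secretKey = "<secretkey>";
$username = "<username>";
$devAccId = "<devAccId>";
$otp = "<otp>";
$challenge = "<challenge>";
$details = "<details>";
$integrationKey = "<integrationkey>";
$time = time(); // get current timestamp
$unixTimestamp = strval($time); // convert timestamp to String
$authToken = "<authToken>";
$supportFido = "<supportFido>";
$ipAddress = "<ipAddress>";
$userAgent = "<userAgent>";
$browserFp = "<browserFp>";
$transactionValue = "<transactionValue>";
$isTransaction = "1";

// NOTE(review): the parameter table lists these fields in a different order; the order here
//   is the one all three samples use. Confirm which one the server expects.
// NOTE(review): as documented, transactionValue and isTransaction are not part of the HMAC
//   input, so the HMAC does not protect them; verify this with the vendor.
$hmac_text = $username.$devAccId.$otp.$challenge.$details.$authToken.$integrationKey.$unixTimestamp.$supportFido.$ipAddress.$userAgent.$browserFp;
$hmac = hash_hmac('sha256', $hmac_text, $secretKey); // calculate hmac value

$jsonData = array (
    'username' => $username,
    'devAccId' => $devAccId,
    'otp' => $otp,
    'challenge' => $challenge,
    'details' => $details,
    'authToken' => $authToken,
    'integrationKey' => $integrationKey,
    'unixTimestamp' => $unixTimestamp,
    'supportFido' => $supportFido,
    'ipAddress' => $ipAddress,
    'userAgent' => $userAgent,
    'browserFp' => $browserFp,
    'transactionValue' => $transactionValue,
    'isTransaction' => $isTransaction,
    'hmac' => $hmac
);
$jsonDataEncoded = json_encode($jsonData);

curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonDataEncoded);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Accept: application/json', 'Content-Type: application/json'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Certificate and host name verification are cURL defaults; they are set explicitly so a
// changed global configuration cannot silently disable them for this request.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

$result = curl_exec($ch);
// curl_exec returns false on a transport failure; read the error before closing the handle.
$curlError = ($result === false) ? curl_error($ch) : '';
curl_close($ch);

$obj = ($result === false) ? null : json_decode($result);

// Fail closed. With a failed request or a non-JSON body $obj is null, and the earlier check
// ($obj->{'code'} != 0) compared null with 0, which is false in PHP, so the script reported
// "Authentication succeed". Only an explicit code of 0 now counts as success.
$code = (is_object($obj) && isset($obj->code) && is_scalar($obj->code)) ? (string) $obj->code : null;
$message = (is_object($obj) && isset($obj->message) && is_scalar($obj->message)) ? (string) $obj->message : null;

// The output is HTML (note the <br> tags), so values taken from the response are escaped.
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

if ($code !== '0') {
    if ($message === null) {
        $message = ($result === false) ? $curlError : 'Unexpected response';
    }
    print "Authentication fail";
    print "Message: ".$escape($message);
    echo " <br>";
    print "Code: ".$escape($code === null ? 'n/a' : $code);
}
else {
    print "Authentication succeed";
    echo " <br>";
    print "Message: ".$escape($message);
    echo " <br>";
    print "Code: ".$escape($code);
    echo " <br>";
    print "Result:" ;
    echo " <br>";
    // NOTE(review): the raw response may carry session material such as an authToken; avoid
    //   echoing it to the page outside of a sample or test environment.
    print $escape($result);
}
?>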