NAV Navbar
java php ruby python
  • Header
  • Errors
  • Header

    For all API requests, it is mandatory to format the header as described below:

    Field Mandatory Description
    Accept Yes API version, data type and encoding
    Accept-Language No Input language. Default value is EN_US
    Authorization Yes SHA256 generated with a secret key to guarantee request authenticity.
    Format: store-id:hash
    To generate the authorization, besides the store-id, it is required: secret-key1, HTTP-Verb (url path + query string) and Content-MD5.
    The hash is generated using hmac-sha256-algorithm (secret-key, (HTTP-Verb + Content-MD5)).
    Content-MD5 Yes* MD5 of body request
    Content-Type Yes Only Application/json is accepted

    Header example

    GET / HTTP 1.1
    Host: api.boacompra.com
    Accept: en-US
    Accept-Language: application/vnd.boacompra.com.v1+json; charset=UTF-8
    Authorization: 123:ba567109f868df40c7cda9c5563bf2a9cdcb8b6bc68cac4a60091fa519352289
    Content-Type: application/json
    Content-MD5: e0a84d86a1dc5fb29dabafff83623a7d
    


    Example for POST requests

    public class Header {
      private String secretKey = "ABCDE0987";
      private String storeId = "10";
      private String contentMD5;
      private String httpVerb;
    
      public Header(String content, String url) throws NoSuchAlgorithmException, MalformedURLException, UnsupportedEncodingException {
        this.setContentMd5(content);
        this.setHttpVerb(new URL(url));
      }
    
      private void setHttpVerb(URL url) {
        this.httpVerb = url.getPath() + (url.getQuery() != null ? '?' + url.getQuery() : "");
      }
    
      private void setContentMd5(String content) throws NoSuchAlgorithmException, UnsupportedEncodingException {
        MessageDigest md = MessageDigest.getInstance("MD5");
        byte messageDigest[] = md.digest(content.getBytes("UTF-8"));
        this.contentMD5 =  new BigInteger(1,messageDigest).toString(16);
      }
    
      private String generateAuthorization() throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {
        final String data = this.httpVerb+this.contentMD5;
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(this.secretKey.getBytes("UTF8"), "HmacSHA256"));
    
        return Hex.encodeHexString(mac.doFinal(data.getBytes("UTF-8")));
      }
    
      public HashMap<String,String> generateHeader() throws InvalidKeyException, NoSuchAlgorithmException, UnsupportedEncodingException {
        HashMap<String, String> headers = new HashMap<>();
        headers.put("Accept", "application/vnd.boacompra.com.v2+json; charset=UTF-8");
        headers.put("Content-Type", "application/json");
        headers.put("Content-MD5", this.contentMD5);
        headers.put("Authorization", this.storeId+':'+this.generateAuthorization());
    
        return headers;
    
      }
    
    }
    
    String content = "{\"transaction-id\":123456789,\"amount\":10.57,\"notify-url\":\"https://virtualstore.com/notifications\",\"test-mode\":0}";
    
    Header header = new Header(content, "https://api.boacompra.com/boa-compra-end-point");
    HashMap<String, String> headerMap = header.generateHeader();
    
    System.out.println(Arrays.asList(headerMap));
    
    <?php
    
    class header
    {
      private $secretKey = 'ABCDE0987';
      private $storeId = 10;
    
      public function __construct($content, $url)
      {
        $this->setContentMd5($content);
        $this->setHttpVerb($url);
      }
    
      private function setContentMd5($content)
      {
        $this->contentMd5 = md5($content);
      }
    
      private function setHttpVerb($url)
      {
        if (parse_url($url, PHP_URL_QUERY)) {
          $this->httpVerb = parse_url($url, PHP_URL_PATH).'?'.parse_url($url, PHP_URL_QUERY);
        } else {
          $this->httpVerb = parse_url($url, PHP_URL_PATH);
        }
      }
    
      private function generateAuthorization()
      {
        return hash_hmac(
          'sha256',
          $this->httpVerb . $this->contentMd5,
          $this->secretKey
        );
      }
    
      public function generateHeader()
      {
        $headers = array(
          'Accept' => 'application/vnd.boacompra.com.v2+json; charset=UTF-8',
          'Content-Type' => 'application/json',
          'Content-MD5' => $this->contentMd5,
          'Authorization' => $this->storeId . ':' . $this->generateAuthorization()
        );
        return $headers;
      }
    }
    
    echo 'POST EXAMPLE <br />';
    $content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}';
    
    $headerPost = new header($content, 'https://api.boacompra.com/boa-compra-end-point');
    print_r($headerPost->generateHeader());
    
    require 'uri'
    require 'openssl'
    require 'digest/md5'
    
    class Header
    
      SECRET_KEY = 'ABCDE0987'
      STORE_ID = 10
    
      attr_reader :contentMD5, :httpVerb
    
      def initialize(content, url)
        setContentMD5(content)
        setHttpVerb(url)
      end
    
      private
      def setContentMD5(content)
        @contentMD5 = Digest::MD5.hexdigest(content).to_s
      end
    
      private
      def getQueryString(url)
        uri = URI(url)
        url.to_s.empty? || uri.query.nil? ? '' : '?' + uri.query
      end
    
      private
      def setHttpVerb(url)
        uri = URI::parse(url)
        @httpVerb = getQueryString(url).to_s.empty? ? uri.path : uri.path + "?" + getQueryString(url)
      end
    
      private
      def generateAuthorization()
        OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), SECRET_KEY, @httpVerb + @contentMD5)
      end
    
      public
      def generateHeader()
        headers = {
          "Accept"           => 'application/vnd.boacompra.com.v2+json; charset=UTF-8',
          "Content-Type"     => 'application/json',
          "Content-MD5"      => @contentMD5,
          "Authorization"    => STORE_ID.to_s + ":" + generateAuthorization()
        }
        headers
      end
    end
    
    puts '<pre>POST EXAMPLE <br />'
    content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}';
    headerGet = Header.new(content, 'https://api.boacompra.com/boa-compra-end-point')
    puts headerGet.generateHeader()
    
    """Python 2.7"""
    from urlparse import urlparse
    import hashlib
    import hmac
    import md5
    
    class Header:
    
      __secretKey = '123'
      __storeId = 10
    
      def __init__(self, content, url):
        self.__setHttpVerb(url)
        self.__setContentMd5(content)
    
      def __setHttpVerb(self, url):
        urlParsed = urlparse(url)
        self.__httpVerb = urlParsed.path + urlParsed.query
    
      def __setContentMd5(self, content):
        self.__contentMd5 = md5.new(content).hexdigest()
    
      def __generateAuthorization(self):
        return hmac.new(
          self.__secretKey,
          self.__httpVerb + self.__contentMd5,
          hashlib.sha256
        ).hexdigest()
    
      def generateHeader(self):
        return {
          'Accept': 'application/vnd.boacompra.com.v2+json; charset=UTF-8',
          'Content-Type': 'application/json',
          'Content-MD5': self.__contentMd5,
          'Authorization': str(self.__storeId) + ':' + self.__generateAuthorization()
        }
    
    from Header import Header
    
    content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}'
    url = 'https://api.boacompra.com/boa-compra-end-point'
    
    a = Header(content, url)
    print a.generateHeader()
    
    """Python 3.x"""
    from urllib.parse import urlparse
    import hashlib
    import hmac
    
    class Header:
    
      __secretKey = '123'
      __storeId = 10
    
      def __init__(self, content, url):
        self.__setHttpVerb(url)
        self.__setContentMd5(content)
    
      def __setHttpVerb(self, url):
        urlParsed = urlparse(url)
        self.__httpVerb = urlParsed.path + urlParsed.query
    
      def __setContentMd5(self, content):
        self.__contentMd5 = hashlib.md5(content.encode()).hexdigest()
    
      def __generateAuthorization(self):
        authContent = self.__httpVerb + self.__contentMd5
    
        return hmac.new(
          self.__secretKey.encode(),
          authContent.encode(),
          hashlib.sha256
        ).hexdigest()
    
      def generateHeader(self):
        return {
          'Accept': 'application/vnd.boacompra.com.v2+json; charset=UTF-8',
          'Content-Type': 'application/json',
          'Content-MD5': self.__contentMd5,
          'Authorization': str(self.__storeId) + ':' + self.__generateAuthorization()
        }
    
    from Header import Header
    
    content = '{"transaction-id":123456789,"amount":10.57,"notify-url":"https://virtualstore.com/notifications","test-mode":0}'
    url = 'https://api.boacompra.com/boa-compra-end-point'
    
    a = Header(content, url)
    print(a.generateHeader())
    

    Errors

    Code Key Description
    10102 header_contentmd5_invalid Content-MD5 header doesn’t match with the expected
    10203 header_accept_bad_format Header Accept with bad format
    10204 header_accept_format_missing Missing Format on header Accept
    10205 header_accept_charset_missing Missing Charset on header Accept
    10206 header_accept_application_invalid Invalid Application on Accept Header
    10207 header_accept_format_invalid Invalid Format on Accept Header
    10208 header_accept_charset_invalid Invalid Charset on Accept Header
    10209 header_accept_version_invalid Invalid Version on Accept Header