Correos Marketplace API - Authorization document

Welcome!

This is basic information website about Correos Marketplace API.

API Auth

Java
PHP

GenerateHmac.java

import java.util.UUID;

public class GenerateHmac {
	public static void main(String[] args) {
		
		String apiKey = "YOUR-API-KEY";
		String apiSecret = "YOUR-API-SECRET";
		String nonce = UUID.randomUUID().toString();
		HmacSignatureBuilder signatureBuilder = new HmacSignatureBuilder()
			.apiKey(apiKey)
			.nonce(nonce)
			.apiSecret(apiSecret);
		String signature = signatureBuilder.buildAsBase64String();

		String authHeader = signatureBuilder.getAlgorithm() + " " + apiKey + ":" + nonce + ":" + signature;
		System.out.println("Authorization" + "\t\t\t" + authHeader);
		
	}
}

HmacSignatureBuilder.java

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.DatatypeConverter;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Objects;

public class HmacSignatureBuilder {

	private static final String HMAC_SHA_512 = "HmacSHA512";
	private static final byte DELIMITER = '\n';
	private String algorithm = HMAC_SHA_512;
	private String nonce;
	private String apiKey;
	private byte[] apiSecret;
	
	public String getAlgorithm() {
		return HMAC_SHA_512;
	}

	public HmacSignatureBuilder algorithm(String algorithm) {
		this.algorithm = algorithm;
		return this;
	}

	public HmacSignatureBuilder apiKey(String key) {
		this.apiKey = key;
		return this;
	}

	public HmacSignatureBuilder nonce(String nonce) {
		this.nonce = nonce;
		return this;
	}

	public HmacSignatureBuilder apiSecret(byte[] secretBytes) {
		this.apiSecret = secretBytes;
		return this;
	}

	public HmacSignatureBuilder apiSecret(String secretString) {
		this.apiSecret = secretString.getBytes(StandardCharsets.UTF_8);
		return this;
	}

	public byte[] build() {
		Objects.requireNonNull(algorithm, "algorithm");
		Objects.requireNonNull(apiKey, "apiKey");
		try {
			final Mac digest = Mac.getInstance(algorithm);
			SecretKeySpec secretKey = new SecretKeySpec(apiSecret, algorithm);
			digest.init(secretKey);
			digest.update(apiKey.getBytes(StandardCharsets.UTF_8));
			digest.update(DELIMITER);
			
			if (nonce != null) {
				digest.update(nonce.getBytes(StandardCharsets.UTF_8));
			}
			digest.update(DELIMITER);
			
			final byte[] signatureBytes = digest.doFinal();
			digest.reset();
			return signatureBytes;
		} catch (NoSuchAlgorithmException | InvalidKeyException e) {
			throw new RuntimeException("Can't create signature: " + e.getMessage(), e);
		}
	}
	
	public boolean isHashEquals(byte[] expectedSignature) {
		final byte[] signature = build();
		return MessageDigest.isEqual(signature, expectedSignature);
	}

	public String buildAsHexString() {
		return DatatypeConverter.printHexBinary(build());
	}

	public String buildAsBase64String() {
		return DatatypeConverter.printBase64Binary(build());
	}
}

<?php

$api_key = 'YOUR-API-KEY';
$api_secret = 'YOUR-API-SECRET';
$nonce = 'e9d03c4f-ceba-43b8-bddd-265f23389525';

$string_to_sign = $api_key . "\n" . $nonce . "\n" ;

$digest = hash_hmac('sha512', $string_to_sign, $api_secret, true);

$header = 'Authorization: HmacSHA512 ' . $api_key . ':' . $nonce . ':' . base64_encode($digest);

echo $header;