Integrating with honei

Authorization

This authorization system is designed to enable third-party access to secured endpoints by verifying the authenticity of requests using a secret-based authentication process.

To access secured endpoints, the third party must send a request containing a valid token generated using their secret, a nonce (number used once), and their client ID.

In order to access secured endpoints using the Secret and Nonce-Based Authorization method, you'll need to follow these steps to generate the required credentials and use them to send authorized requests:

  1. Obtain your Client ID and Secret: You'll need a unique Client ID and a Secret provided by the honei Support Team. Make sure to store the Secret securely, as it is crucial for generating valid tokens.

  2. Obtain Venue API Key: This key identifies a specific venue registered in honei and is used to authorize requests related to that venue. Each restaurant will have a different unique identifier.

  3. Generate a Nonce: For each request, create a unique and random string called a nonce. This value should be long enough and sufficiently random to prevent collisions (two requests generating the same nonce).

const crypto = require("crypto");

function generateNonce() {
  return crypto.randomBytes(16).toString("hex");
}

  4. Generate a Token: Use the Secret, the generated nonce, and the SHA-256 hashing algorithm to create a token. Concatenate the nonce followed by the Secret, hash the result, and then encode the hash in Base64.

const crypto = require("crypto");

function generateToken(secret, nonce) {
  const hash = crypto.createHash("sha256");
  hash.update(nonce + secret);
  const token = hash.digest("base64");
  return token;
}

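const secret = "your_secret_here"; // load from secure storage rather than hard-coding
const nonce = crypto.randomBytes(16).toString("hex"); // fresh nonce for this request (step 3)
const token = generateToken(secret, nonce);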

  5. Send an Authorized Request: Include the generated token, nonce, and your Client ID in the HTTP headers when sending a request to a secured endpoint. Use the following header names:

    • x-client-id: The unique identifier for the authorized third party.

    • x-nonce: The unique and random string generated by the third party for the request.

    • x-token: The Base64-encoded hash of the nonce concatenated with the secret.

    • venue-api-key: The unique identifier provided by the honei support team for the specific venue.
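
The five steps above combined, as an added example that is not honei's own code: buildAuthHeaders produces the four headers, and makeVerifier shows how a receiver could check them (recompute the token, compare in constant time, refuse a reused nonce). The verifier logic, the function names, and all sample values are assumptions made for illustration.

```javascript
const crypto = require("crypto");

// Client side: build the four headers described on this page.
function buildAuthHeaders(clientId, secret, venueApiKey) {
  const nonce = crypto.randomBytes(16).toString("hex"); // fresh for every request
  const token = crypto.createHash("sha256").update(nonce + secret).digest("base64");
  return {
    "x-client-id": clientId,
    "x-nonce": nonce,
    "x-token": token,
    "venue-api-key": venueApiKey,
  };
}

// Receiver side (assumed logic, not honei's implementation): recompute the
// token from the stored secret and reject a nonce that was already accepted.
function makeVerifier(secretsByClientId) {
  const seenNonces = new Set(); // in-memory only; a real service needs shared storage with expiry
  return function verify(headers) {
    const clientId = headers["x-client-id"];
    const nonce = headers["x-nonce"];
    const token = headers["x-token"];
    const secret = secretsByClientId.get(clientId);
    if (!secret || typeof nonce !== "string" || typeof token !== "string") {
      return "rejected: missing credentials";
    }
    const expected = crypto.createHash("sha256").update(nonce + secret).digest();
    const received = Buffer.from(token, "base64");
    // timingSafeEqual throws on unequal lengths, so compare lengths first.
    if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
      return "rejected: bad token";
    }
    const key = clientId + ":" + nonce;
    if (seenNonces.has(key)) return "rejected: nonce reused";
    seenNonces.add(key);
    return "accepted";
  };
}

// Constructed sample values; real ones come from the honei Support Team.
function demo() {
  const secret = "example-secret-not-real";
  const verify = makeVerifier(new Map([["client-123", secret]]));
  const headers = buildAuthHeaders("client-123", secret, "venue-key-placeholder");
  const tampered = { ...headers, "x-nonce": "0".repeat(32) }; // nonce no longer matches token
  return [verify(headers), verify(headers), verify(tampered)];
}
console.log(demo());
```

The token covers only the nonce and the Secret, not the URL or request body, so it identifies the caller but does not protect the request contents.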


Last updated 2 months ago