search

Authorization

This authorization system is designed to enable third-party access to secured endpoints by verifying the authenticity of requests using a secret-based authentication process.

To access secured endpoints, the third party must send a request containing a valid token generated using their secret, a nonce (number used once), and their client ID.

In order to access secured endpoints using the Secret and Nonce-Based Authorization method, you'll need to follow these steps to generate the required credentials and use them to send authorized requests:

  1. Obtain your Client ID and Secret: You'll need a unique Client ID and a Secret provided by honei Support Team. Make sure to store the Secret securely, as it is crucial for generating valid tokens.

  2. Obtain Venue API Key: This key identifies a specific venue registered in honei and is used to authorize requests related to that venue. Each restaurant will have a different unique identifier.

  3. Generate a Nonce: For each request, create a unique and random string called a nonce. This value should be long enough and sufficiently random to prevent collisions (two requests generating the same nonce).

const crypto = require("crypto");

function generateNonce() {
  return crypto.randomBytes(16).toString("hex");
}

  1. Generate a Token: Use the Secret, the generated nonce, and a SHA-256 hashing algorithm to create a token. Concatenate the nonce and the Secret, hash the result, and then encode the hash in Base64.

const crypto = require("crypto");

function generateToken(secret, nonce) {
  const hash = crypto.createHash("sha256");
  hash.update(nonce + secret);
  const token = hash.digest("base64");
  return token;
}

const secret = "your_secret_here";
const token = generateToken(secret, nonce);

  1. Send an Authorized Request: Include the generated token, nonce, and your Client ID in the HTTP headers when sending a request to a secured endpoint. Use the following header names:

    • x-client-id: The unique identifier for the authorized third party.

    • x-nonce : The unique and random string generated by the third party for the request.

    • x-token : The Base64-encoded hash of the nonce concatenated with the secret.

    • venue-api-key: The unique identifier provided by the honei support team for the specific venue.

PreviousGetting StartedNextTesting

Last updated