API Authentication
To maintain a secure API and protect the data held within the platform all of Eagle Eye API's are secured with a ClientId and Hash passed in the headers of every request.
Please contact your Account Manager if you require authentication credentials to be set up.
Authentication Hashes
The Eagle Eye APIs all follow the same authentication mechanics. They all require two pre-shared key values:
- ClientId
- Secret
Authentication Mechanic
To work through some examples let's assume the below values for the two pre-shared values:
- ClientId: 1234567890
- Secret: 0987654321
Headers
Two headers are required to complete authentication and are listed in the table below.
| Header | Description |
|---|---|
| X-EES-AUTH-CLIENT-ID | The clientId supplied by Eagle Eye during onboarding. |
| X-EES-AUTH-HASH | The hash generated for a particular request |
The X-EES-AUTH-CLIENT-ID should have the value “1234567890”. This value is exactly as shared.
The X-EES-AUTH-HASH value needs be calculated for every request. This value is calculated by concatenating together multiple values to generate a string that is subsequently hashed using the SHA256 algorithm. This hash value needs to be generated by the platform you're integrating with AIR for each API request made.
uri + body + secret
The examples below show how this value is calculated in practice. There are free online tools available to help you generate the hash values in these examples. One such tool is available here:
GET Request
URI being called: /wallet/555555
/wallet/5555550987654321Note in the above example there is no request body as it’s a get request so the body is “”.
SHA256 of the above string:
- 76e132ab2154bb7139258b65134ddaf74c12a4242ce136b87a7335292fddc068
Final header values to pass:
- X-EES-AUTH-CLIENT-ID: 1234567890
- X-EES-AUTH-HASH: 76e132ab2154bb7139258b65134ddaf74c12a4242ce136b87a7335292fddc068
GET Request with query parameters
URI being called: /wallet?identity-value=[email protected]
Note in the above example there is no request body as it’s a get request so the body is “”.
SHA256 of the above string:
- 148bdd946c7fe809eaca3c11b415a6e4d240d5f5647a33d436ad3dcb3eef25fb
Final header values to pass:
- X-EES-AUTH-CLIENT-ID: 1234567890
- X-EES-AUTH-HASH: 148bdd946c7fe809eaca3c11b415a6e4d240d5f5647a33d436ad3dcb3eef25fb
POST Request
URI being called: /wallet/555555/campaign/444444/account
{
"status": "ACTIVE",
"state": "LOADED"
}/wallet/555555/campaign/444444/account{
"status": "ACTIVE",
"state": "LOADED"
}0987654321Note in the above the body must be EXACTLY as it gets sent in the request.
SHA256 of the above string:
- d1b15d18d9f9e539e4a032b540be72e183e2b8391cafc0a82d851adc091cde5f
Final header values to pass:
- X-EES-AUTH-CLIENT-ID: 1234567890
- X-EES-AUTH-HASH: d1b15d18d9f9e539e4a032b540be72e183e2b8391cafc0a82d851adc091cde5f
POST Request with query parameters
URI being called: /services/wallet/consumer?identity-value= [email protected]
{
"type": "INDIVIDUAL",
"status": "ACTIVE",
"data": {
"contact": [
{
"name": "rebate",
"type": "email",
"value": "[email protected]"
}
]
}
}/services/wallet/[email protected]{
"type": "INDIVIDUAL",
"status": "ACTIVE",
"data": {
"contact": [
{
"name": "rebate",
"type": "email",
"value": "[email protected]"
}
]
}
}0987654321Note in the above the body must be EXACTLY as it gets sent in the request.
SHA256 of the above string:
- 131d678c9bc1eb6c91cae36b4211f27f2a107358d0953e9b45ac783d89ec2dbf
Final header values to pass:
- X-EES-AUTH-CLIENT-ID: 1234567890
- X-EES-AUTH-HASH: 131d678c9bc1eb6c91cae36b4211f27f2a107358d0953e9b45ac783d89ec2dbf
Updated about 5 hours ago