Knowledge Center

Knowledge Center > API > REST API > REST API Reference > HMAC Signatures

HMAC Signatures

This REST API reference describes how to return unique signature and token values that used to process a CORS enabled API call.

Request

  • Production: POST https://api.zuora.com/rest/v1/hmac-signatures
  • API Sandbox: POST https://apisandbox-api.zuora.com/rest/v1/hmac-signatures

Request body

uri

required

The URI of the API object the customer will make a CORS enabled call to.

e.g. "https://api.zuora.com/rest/v1/payment-methods/credit-cards"

method

required

Possible values are: GETPOSTPUT, DELETEOPTIONS

<field_n>

conditional

The <field_n> field name must be replaced with the name of a valid property or field in the CREST API specified by combining the contents of the method and uri fields (see above). 

The required APIs and their corresponding field names are as follows:

The value of <field_n> should be one that is valid for the specified API field.

For example, if method = POST and uri =  https://api.zuora.com/rest/v1/payment-methods/credit-cards, then a valid field name is: accountKey. The value of the accountKey field should be an ID of the customer account to update, such as A00000001.

Response

Response Body

signature

Contains a keyed-hash message authentication code (HMAC)

e.g. ZmI0ZjE2ZTMxMWY1YjA0ZTc4MTg1ZDhlYWRkMTEwNDE3M2RiMzNiNQ==<

token

Contains a token code. e.g. gCH6gYqQffQCsFKSLuxyagXsuXcIK0uf

success

Contains true if successful, otherwise false.

processId The ID of the process that generated the error e.g. 1AA4FDFC25059EAD. Only returned if success is false.

reasons

Information on one or more reasons for the result. Only returned if success is false.

code

Eight-digit numeric error code

message

Description of the error

Error Codes

An unsuccessful call will result in an error code being returned in JSON in the following format:

90000011

{ "success" : false, "reasons" : [ { "message" : "Invalid token. Note: a token can only be used once.", "code" : 90000011 } ] }

90000010

{ "success" : false, "reasons" : [ { "message" : "This API is not CORS enabled.", "code" : 90000010 } ] }

59010220

{ "success": false, "processId" : "1AA4FDFC25059EAD", "reasons": [ { "code": 59010220, "message": "'uri' may not be empty" } ] }

Examples

Create Payment API

This API creates a new credit card payment method for a specified customer account. See Create payment method for more information.

HTTP/JSON request:

POST https://api.zuora.com/rest/v1/hmac-signatures

JSON request:

{
  "uri": "https://api.zuora.com/rest/v1/payment-methods/credit-cards",
  "method": "POST",
  "accountKey": "A00000001"
}
JSON response:
{
    "signature": "ZmI0ZjE2ZTMxMWY1YjA0ZTc4MTg1ZDhlYWRkMTEwNDE3M2RiMzNiNQ==",
    "token": "gCH6gYqQffQCsFKSLuxyagXsuXcIK0uf",
    "success": true
}

CURL request:

curl -i -k -H "apiAccessKeyId:test@zuora.com" -H "apiSecretAccessKey:sasa" -H  "Accept:application/json"  -H  "Content-Type:application/json" -X POST https://api.zuora.com/rest/v1/hmac-signatures -d '
{
  "uri": "https://api.zuora.com/rest/v1/payment-methods/credit-cards",
  "method": "POST",
  "accountKey": "A00000001"
}'

JSON response:

{
    "signature": "ZmI0ZjE2ZTMxMWY1YjA0ZTc4MTg1ZDhlYWRkMTEwNDE3M2RiMzNiNQ==",
    "token": "gCH6gYqQffQCsFKSLuxyagXsuXcIK0uf",
    "success": true
}

Create Account API

This API creates a new customer account with billTo/soldTo contacts and a credit-card payment method. See Create account method for more information.

HTTP/JSON request:

POST https://api.zuora.com/rest/v1/hmac-signatures

JSON request:

{
  "uri": "https://api.zuora.com/rest/v1/accounts",
  "method": "POST",
  "name": "Leo"
}
JSON response:
{
    "signature": "ZmI0ZjE2ZTMxMWY1YjA0ZTc4MTg1ZDhlYWRkMTEwNDE3M2RiMzNiNQ==",
    "token": "gCH6gYqQffQCsFKSLuxyagXsuXcIK0uf",
    "success": true
}

CURL request:

curl -i -k -H "apiAccessKeyId:test@zuora.com" -H "apiSecretAccessKey:sasa" -H  "Accept:application/json"  -H  "Content-Type:application/json" -X POST https://api.zuora.com/rest/v1/hmac-signatures -d '
{
  "uri": "https://api.zuora.com/rest/v1/accounts",
  "method": "POST",
  "name": "Leo"
}

JSON response:

{
    "signature": "ZmI0ZjE2ZTMxMWY1YjA0ZTc4MTg1ZDhlYWRkMTEwNDE3M2RiMzNiNQ==",
    "token": "gCH6gYqQffQCsFKSLuxyagXsuXcIK0uf",
    "success": true
}
Last modified
22:40, 11 May 2016

Tags

Classifications

(not set)