Authentication
MCAPI uses Basic Auth to allow access to the API. Basic Auth is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service.
Besides being secured with a Basic Auth token, MCAPI also generates a signature to ensure that the request or response cannot be intercepted and impersonated by an unauthorized user. This signature is generated using the SHA256-HMAC algorithm.
Mandatory headers in all API calls besides Get Token:
Authorization: Basic base64_encode(user:pass)
Signature
1. Sort the parameters by name in ascending order
E.g., if the JSON request is
{
"requestType": "getToken",
"phoneNumber": "081286288844",
"reqDtime": "20181127182011",
"transNumber": "20181234567890"
}
the resulting order is
1.phoneNumber
2.reqDtime
3.requestType
4.transNumber
2. Join all parameter values in that order
08128628884420181127182011getToken20181234567890
3. Hash the joined string using hash_hmac with sha256, keyed with keysignature
keysignature is the hexadecimal encoding of the secret key
secretkey : e4sierApPs2020
keysignature : 6534736965724170507332303230
4. Convert the result of step 3 to uppercase
55C9AF15C92408C32211894D70BA1E0C02CE17BEAD626934F61C01A3117A05CF
Example code to generate signature
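// strToHex is not defined on the page; bin2hex reproduces the keysignature shown in step 3.
function strToHex($string){
    return bin2hex($string);
}

// Build the signature for an array of request parameters.
function signature($array,$kunci){
    unset($array['signature']); // the signature itself is never signed
    ksort($array);              // sort by parameter name, ascending
    $output = '';
    foreach($array as $key=>$val){
        $output .= $val;        // join the values in sorted order
    }
    // HMAC-SHA256 keyed with the hex-encoded secret key
    $output = hash_hmac('sha256', $output, strToHex($kunci));
    return strtoupper($output);
}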
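A Python port of the signing steps above together with a receiver-side check, added here as an example; it is not MCAPI's own code. The function names are hypothetical, and it assumes every parameter value is a string, as in the sample request.

```python
import hashlib
import hmac

# Sample values taken from the page's worked example.
SECRET_KEY = "e4sierApPs2020"
SAMPLE_REQUEST = {
    "requestType": "getToken",
    "phoneNumber": "081286288844",
    "reqDtime": "20181127182011",
    "transNumber": "20181234567890",
}

def key_signature(secret_key: str) -> str:
    """Hex-encode the secret key (the page's 'keysignature')."""
    return secret_key.encode("utf-8").hex()

def canonical_string(params: dict) -> str:
    """Drop 'signature', sort by parameter name, join the values (steps 1-2)."""
    names = sorted(k for k in params if k != "signature")
    return "".join(str(params[k]) for k in names)

def sign(params: dict, secret_key: str) -> str:
    """HMAC-SHA256 over the joined values, uppercased (steps 3-4)."""
    # The HMAC key is the ASCII hex string itself, NOT the bytes it decodes to;
    # this mirrors hash_hmac('sha256', $output, strToHex($kunci)) in the PHP.
    key = key_signature(secret_key).encode("ascii")
    message = canonical_string(params).encode("utf-8")
    return hmac.new(key, message, hashlib.sha256).hexdigest().upper()

def verify(params: dict, received_signature, secret_key: str) -> bool:
    """Receiver side: recompute the signature and compare in constant time."""
    if not isinstance(received_signature, str):
        return False
    expected = sign(params, secret_key)
    return hmac.compare_digest(expected.encode("ascii"),
                               received_signature.encode("utf-8"))

if __name__ == "__main__":
    sig = sign(SAMPLE_REQUEST, SECRET_KEY)
    print(sig)
    print(verify(SAMPLE_REQUEST, sig, SECRET_KEY))
```

The comparison uses hmac.compare_digest so that a mismatching signature is rejected without leaking, through timing, how many leading characters were correct.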