Authentication

To sign requests, you can use the following code examples that demonstrate how to authenticate with the Uniwire API using HMAC-SHA256 signatures.

API Keys

You can obtain API Keys by logging in and creating a key in Settings > API Keys. This will give you both an "API Key" that will serve as your user name, and an "API Secret" that you will use to sign messages.

Request Requirements

All requests must contain a nonce, a number that will never be repeated and must increase between requests. This is to prevent an attacker who has captured a previous request from simply replaying that request. We recommend using a timestamp at millisecond or higher precision. The nonce need only be increasing with respect to the session that the message is on.

Payload

The payload of the requests must be a JSON object, which will be described in the documentation below. Rather than being sent as the body of the POST request, it will be base-64 encoded and stored as a header in the request.

TIP

Do not submit payload as POSTed data, but instead put it in the X-CC-PAYLOAD header.

Required Headers

The following three headers is all that is required to make requests to Uniwire API:

Header	Value
X-CC-KEY	Your Uniwire API Key
X-CC-PAYLOAD	Base64-encoded JSON payload
X-CC-SIGNATURE	`hex(HMAC_SHA256(base64(payload), key=api_secret))`

Client Examples

pythonjavascriptphp

python

import base64
import hashlib
import hmac
import json
import time
import requests

API_URL = 'https://api.uniwire.com'
API_KEY = 'my_api_key'
API_SECRET = 'my_api_secret'


def encode_hmac(key, msg, digestmod=hashlib.sha256):
    return hmac.new(key.encode(), msg=msg, digestmod=digestmod).hexdigest()


def uniwire_api_request(endpoint, payload=None, method='GET'):
    payload_nonce = str(int(time.time() * 1000))
    payload = payload or {}
    payload.update({'request': endpoint, 'nonce': payload_nonce})

    # Encode payload to base64 format and create signature using your API_SECRET
    encoded_payload = json.dumps(payload).encode()
    b64 = base64.b64encode(encoded_payload)
    signature = encode_hmac(API_SECRET, b64)

    # Add your API key, encoded payload and signature to following headers
    request_headers = {
        'X-CC-KEY': API_KEY,
        'X-CC-PAYLOAD': b64,
        'X-CC-SIGNATURE': signature,
    }

    # Make request
    response = requests.request(method, API_URL + endpoint, headers=request_headers)
    return response.json()


profiles = uniwire_api_request('/v1/profiles/')
print(json.dumps(profiles, indent=2))

javascript

const axios = require('axios');
const Base64 = require('js-base64').Base64;
const crypto = require('crypto');

const API_URL = 'https://api.uniwire.com';
const API_KEY = 'my_api_key';
const API_SECRET = 'my_api_secret';

function encode_hmac(key, msg) {
    return crypto.createHmac('sha256', key).update(msg).digest('hex');
}

function uniwire_api_request(endpoint, payload = {}, method = 'GET') {
    payload.request = endpoint;
    payload.nonce = (new Date).getTime();

    // Encode payload to base64 format and create signature using your API_SECRET
    const encoded_payload = JSON.stringify(payload);
    const b64 = Base64.encode(encoded_payload);
    const signature = encode_hmac(API_SECRET, b64);

    // Add your API key, encoded payload and signature to following headers
    let request_headers = {
        'X-CC-KEY': API_KEY,
        'X-CC-PAYLOAD': b64,
        'X-CC-SIGNATURE': signature,
    };

    return axios({
        method: method,
        url: API_URL + endpoint,
        headers: request_headers,
    });
}

uniwire_api_request('/v1/profiles/').then(function (response) {
    console.log(response);
}).catch(function (error) {
    console.log(error);
});

php

function cryptochill_api_request($endpoint, $payload = [], $method = 'GET'){
    $API_URL = 'https://api.cryptochill.com';
    $API_KEY = 'your_api_key';
    $API_SECRET = 'your_secret';

    $payload['request'] = $endpoint;
    $payload['nonce'] = time();

    // Encode payload to base64 format and create signature using your API_SECRET
    $encoded_payload = json_encode($payload, JSON_UNESCAPED_SLASHES);
    $b64 = base64_encode($encoded_payload);
    $signature = hash_hmac('sha256', $b64, $API_SECRET);

    // Add your API key, encoded payload and signature to following headers
    $request_headers = [
        'X-CC-KEY: ' . $API_KEY,
        'X-CC-PAYLOAD: ' . $b64,
        'X-CC-SIGNATURE: ' . $signature,
    ];

    $result = file_get_contents($API_URL . $endpoint, null, stream_context_create(array(
        'http' => array(
            'method' => $method,
            'header' => implode("\r\n", $request_headers),
            'ignore_errors' => true,
            'content' => $encoded_payload)
        )
    ));

    return $result;
}

Authentication ​

API Keys ​

Request Requirements ​

Payload ​

Required Headers ​