HOW TO AUTHENTICATE YOUR REQUESTS

Access keys

Each app has a server access key used by Cloud API to upload and manage images. The server access key is the public server key that is provided for all your licensed apps when you buy the Cloud Recognition API for your Cloud Recognition Plan.

All APIs are blocking calls – that is, they return only when all of the processing is finished, so it is important to design your app UI to expect some delay on the more complex calls.

Making API Calls

  1. Add the server access key to the header of any Cloud API requests, see below.
  2. Submit a well formed Cloud API request to https://ws.crs.pikkart.com. using "text/html" content-type/
  3. Parse the JSON body of the Cloud API request response.

All calls to use the Cloud API must include an authorization header field. The field looks like the following example:

Authorization: {server_access_key}:{Signature}

The Signature is a string that is formatted from the concatenation of these fields:

Signature = Base64(HMAC-SHA1(server_secret_key, StringToSign ) ) ;
StringToSign =
  HTTP-Verb + "|" +
  Content-MD5 + "|" +
  Date + "|" +
  Request-Path and Query;

Where:

  • HTTP-Verb is the HTTP method used for the action, for example, GET, POST, and so forth.
  • Content-MD5 is the hexadecimal MD5 hash of the whole request body (from the first boundary to the last one, including the boundary itself). For request types without request body, include the MD5 hash of an empty string which is “d41d8cd98f00b204e9800998ecf8427e”.
  • Date is the current date per RFC 2616, section 3.3.1, rfc1123-date format, for example, Fri, 2 Sep 2016 09:00:00 GMT.
  • NOTE: The date and time always refer to GMT.