- Previous: oAuth
- Up: Using the APIs
- Next:
Sample Code
Java
/*
* Libraries used in this example are :
* Apache Common Codec http://commons.apache.org/proper/commons-codec/
* Apache Commons http://commons.apache.org/proper/commons-lang/index.html
* Resty http://beders.github.io/Resty/Resty/Overview.html
*/
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.lang3.RandomStringUtils;
import us.monoid.web.Resty;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
public class RestExample {
/*
* You can register at https://developer.capitalonelabs.com/ for your application key/secret but here are sample
* API_KEY, API_SECRET for examples.
* Generally need to use oAuth or Identification API to get user ACCESS_TOKEN, more details
* at https://developer.capitalonelabs.com/apis, we have included a sample access token here (for demo purpose ONLY).
*/
private static final String API_KEY = "25jweQheWUtGDGjLfQJ3jEhY";
private static final String API_SECRET = "Vwx8dXMoyOhHC8tC";
private static final String ACCESS_TOKEN = "VUQsnQtY8YcPbhL3YcBWKzxt";
private static final String URL = "https://api-sandbox.capitalone.com/rewards/v1";
public static void setHeaders(Resty resty) throws NoSuchAlgorithmException,UnsupportedEncodingException {
resty.withHeader("Authorization", "Bearer " + ACCESS_TOKEN);
resty.withHeader("Api-Key", API_KEY);
long timestamp = System.currentTimeMillis() / 1000;
String nonce = RandomStringUtils.randomAlphanumeric(30);
String toHash = API_KEY + API_SECRET + nonce + timestamp;
MessageDigest md = MessageDigest.getInstance("SHA-256");
byte[ ] thedigest = md.digest(toHash.getBytes("UTF-8"));
String signature = new String(Hex.encodeHex(thedigest, true));
resty.withHeader(
"Signature",
String.format(
"nonce=\"%s\", timestamp=\"%d\", method=\"HMAC-SHA256\", signature=\"%s\"",
nonce, timestamp, signature));
}
public static void main(String[] args) throws Exception {
Resty resty = new Resty();
setHeaders(resty);
String response = resty.json(URL + "/health").toObject().toString();
System.out.println(response);
String balance = resty.json(URL + "/balance").toObject().toString();
System.out.println(balance);
}
}
Node JS
var crypto = require('crypto');
var https = require('https')
/*
* You can register at https://developer.capitalonelabs.com/ for your application key/secret but here are sample
* API_KEY, API_SECRET for examples.
* Generally need to use oAuth or Identification API to get user ACCESS_TOKEN, more details
* at https://developer.capitalonelabs.com/apis, we have included a sample access token here (for demo purpose ONLY).
*/
var apiKey = '25jweQheWUtGDGjLfQJ3jEhY';
var apiSecret = 'Vwx8dXMoyOhHC8tC';
var accessToken = 'VUQsnQtY8YcPbhL3YcBWKzxt';
var url = 'api-sandbox.capitalone.com';
var timestamp = Math.floor((new Date().getTime()) / 1000);
var nonce = randomString(30);
var toHash = apiKey.concat(apiSecret).concat(nonce).concat(timestamp);
var hash = crypto.createHash('sha256').update(toHash).digest("hex");
var signature = hash.toString();
var options = {
host: url,
port:443,
path: '/rewards/v1/balance',
method: 'GET',
headers: {
"Api-Key": apiKey,
"Authorization": "Bearer " + accessToken,
"Accept": "application/json",
"Content-Type": "application/json",
"Signature": "nonce=\""+nonce+"\", timestamp=\""+timestamp+"\", method=\"HMAC-SHA256\", signature=\""+signature+"\""
}
};
https.request(options, function(res) {
console.log('STATUS: ' + res.statusCode);
console.log('HEADERS: ' + JSON.stringify(res.headers));
res.setEncoding('utf8');
res.on('data', function (chunk) {
console.log('BODY: ' + chunk);
});
}).end();
function randomString(stringLength) {
var chars = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXTZabcdefghiklmnopqrstuvwxyz';
var randomstring = '';
for (var i=0; i<stringLength; i++) {
var rnum = Math.floor(Math.random() * chars.length);
randomstring += chars.substring(rnum,rnum+1);
}
return randomstring;
}
Python
import time
import random
import string
import hashlib
import binascii
import httplib2
''' You can register at https://developer.capitalonelabs.com/ for your application key/secret but here are sample API_KEY, API_SECRET for examples. Generally need to use oAuth or Identification API to get user ACCESS_TOKEN, more details at https://developer.capitalonelabs.com/apis, we have included a sample access token here (for demo purpose ONLY). '''
API_KEY = "25jweQheWUtGDGjLfQJ3jEhY"
API_SECRET = "Vwx8dXMoyOhHC8tC"
ACCESS_TOKEN = "VUQsnQtY8YcPbhL3YcBWKzxt"
URL = "https://api-sandbox.capitalone.com/rewards/v1"
def sign(token, api_key, secret):
ts = time.time()
nonce = ''.join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(30))
tohash = api_key + secret + nonce + ('%d' % ts)
digest = hashlib.sha256(tohash.encode("utf-8")).digest()
sig = binascii.hexlify(digest)
headers = {
'Content-Type': 'application/json',
'api-key': api_key,
'signature': "nonce=\"%s\", timestamp=\"%d\", method=\"HMAC-SHA256\", signature=\"%s\"" % ( nonce, ts, sig.decode("utf-8"))
}
if token:
headers["Authorization"] = "Bearer " + token
return headers
apiheaders = sign(ACCESS_TOKEN, API_KEY, API_SECRET)
h = httplib2.Http()
response, content = h.request(URL+"/balance", 'GET', headers=apiheaders)
print(content.decode('utf-8'
- Previous: oAuth
- Up: Using the APIs
- Next:
