API

Die Signatur wird durch Konkatenation aller Parameter im Format "key:value;" gebildet und mit dem Client Secret als SHA1 HMAC signiert. Arrays und Objekte werden übersprungen. Den Client Secret finden Sie in Ihrem Händlerkonto.

Beispiel für die Generierung einer Signatur in PHP:

<?php

function buildSignature($params, $clientSecret)
{
    ksort($params);

    $paramsString = '';
    foreach($params AS $key => $value)
    {
        if($key == 'sign') continue;
        if(is_array($value)) { continue; }
        $paramsString .= $key .':'. $value .';';
    }
    $sign = hash_hmac('sha1', $paramsString, $clientSecret);

    return $sign;
}

$clientSecret = '123'; // Client Secret
$params = array(
    'method' => 'orderstatus',
    'order_id' => 1,
    'shopid' => '123' // Client ID
);
$params['sign'] = buildSignature($params, $clientSecret);

Beispiel für die Generierung einer Signatur in JavaScript:

function buildSignature(params, clientSecret)
{
    var paramsString = '';
    Object.keys(params).sort().forEach(function(key)
    {
        if (key === 'sign') return;
        if(typeof params[key] == 'object') return;
        paramsString += '' + key + ':' + params[key] + ';';
    });

    var crypto = require('crypto');
    paramsString = crypto.createHmac('sha1', clientSecret).update(paramsString).digest('hex');
    return paramsString;
}

var clientSecret = '123'; // Client Secret
var params = {
    method: 'orderstatus',
    order_id: 1,
    shopid: '123' // Client ID
}
params.sign = buildSignature(params, clientSecret);

    

Beispiel für die Generierung einer Signatur in Python:

import base64
import hashlib
import hmac
def buildSignature(params, key):
	# Sort the parameters by key
	sorted_params = dict(sorted(params.items()))
	# Initialize an empty string to build the parameter string
	params_string = ''
	# Iterate through the sorted parameters
	for k, v in sorted_params.items():
		# Skip the 'sign' key
		if k == 'sign':
			continue
		# Skip values that are lists
		if isinstance(v, list):
			continue
		# Concatenate key and value into the params_string
		params_string += f'{k}:{v};'
	# Generate HMAC-SHA1 hash
	hashed = hmac.new(key.encode(), params_string.encode(), hashlib.sha1)
	# Return the hex digest of the hash
	return hashed.hexdigest()
SECRET_KEY = "SECRET KEY"
params_dict = {
	"method": "market_pricelist",
	"shopid": "CLIENT_ID",
	"game": "cs2",
}

signature = buildSignature(params_dict, SECRET_KEY)
params_dict['sign'] = signature

Beispielanfrage mit Signatur in PHP:

<?php
$params = array(
	'shopid' => '1', // Client ID
    'method' => 'create',
	'order_id' => 1,
	'steam_id' => '76561198827262007',
	'trade_token' => 'i1ArBZey',
	'currency' => 'usd'
);
$clientSecret = '123123123123213';
// @see https://skinsback.com/de/docs/api/v1/signature/
$params['sign'] = buildSignature($params, $clientSecret);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://skinsback.com/api.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close ($ch);
var_dump($server_output);

Webhook: Beispiel zur Überprüfung der Signatur in PHP:

<?php

$clientSecret = '123'; // Client Secret
// @see https://skinsback.com/de/docs/api/v1/signature/
if($_POST['sign'] != buildSignature($_POST, $clientSecret))
{
    die('Wrong signature');
}