API

La firma se genera concatenando todos los parámetros en el formato "key:value;" y luego se convierte en un HMAC SHA1 firmado con el Client Secret. Los arreglos y objetos se omiten. Puede obtener el Client Secret en el panel de control del comerciante.

Ejemplo de generación de firma en PHP:

<?php

function buildSignature($params, $clientSecret)
{
    ksort($params);

    $paramsString = '';
    foreach($params AS $key => $value)
    {
        if($key == 'sign') continue;
        if(is_array($value)) { continue; }
        $paramsString .= $key .':'. $value .';';
    }
    $sign = hash_hmac('sha1', $paramsString, $clientSecret);

    return $sign;
}

$clientSecret = '123'; // Client Secret
$params = array(
    'method' => 'orderstatus',
    'order_id' => 1,
    'shopid' => '123' // Client ID
);
$params['sign'] = buildSignature($params, $clientSecret);

Ejemplo de generación de firma en JavaScript:

function buildSignature(params, clientSecret)
{
    var paramsString = '';
    Object.keys(params).sort().forEach(function(key)
    {
        if (key === 'sign') return;
        if(typeof params[key] == 'object') return;
        paramsString += '' + key + ':' + params[key] + ';';
    });

    var crypto = require('crypto');
    paramsString = crypto.createHmac('sha1', clientSecret).update(paramsString).digest('hex');
    return paramsString;
}

var clientSecret = '123'; // Client Secret
var params = {
    method: 'orderstatus',
    order_id: 1,
    shopid: '123' // Client ID
}
params.sign = buildSignature(params, clientSecret);

    

Ejemplo de generación de firma en Python:

import base64
import hashlib
import hmac
def buildSignature(params, key):
	# Sort the parameters by key
	sorted_params = dict(sorted(params.items()))
	# Initialize an empty string to build the parameter string
	params_string = ''
	# Iterate through the sorted parameters
	for k, v in sorted_params.items():
		# Skip the 'sign' key
		if k == 'sign':
			continue
		# Skip values that are lists
		if isinstance(v, list):
			continue
		# Concatenate key and value into the params_string
		params_string += f'{k}:{v};'
	# Generate HMAC-SHA1 hash
	hashed = hmac.new(key.encode(), params_string.encode(), hashlib.sha1)
	# Return the hex digest of the hash
	return hashed.hexdigest()
SECRET_KEY = "SECRET KEY"
params_dict = {
	"method": "market_pricelist",
	"shopid": "CLIENT_ID",
	"game": "cs2",
}

signature = buildSignature(params_dict, SECRET_KEY)
params_dict['sign'] = signature

Ejemplo de solicitud con firma en PHP:

<?php
$params = array(
	'shopid' => '1', // Client ID
    'method' => 'create',
	'order_id' => 1,
	'steam_id' => '76561198827262007',
	'trade_token' => 'i1ArBZey',
	'currency' => 'usd'
);
$clientSecret = '123123123123213';
// @see https://skinsback.com/es/docs/api/v1/signature/
$params['sign'] = buildSignature($params, $clientSecret);

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,"https://skinsback.com/api.php");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$server_output = curl_exec($ch);
curl_close ($ch);
var_dump($server_output);

Webhook: ejemplo de verificación de firma en PHP:

<?php

$clientSecret = '123'; // Client Secret
// @see https://skinsback.com/es/docs/api/v1/signature/
if($_POST['sign'] != buildSignature($_POST, $clientSecret))
{
    die('Wrong signature');
}