Example Usage
HMAC Authentication
Example Usage
The following are examples on how to collect data from the API endpoints using different languages. The token information (name, secret and identifier) gets provided when you create a webhook through the API. Alternatively, contact us on hello@credfin.io and we can create them for you and provide integration assistance. This information is then called when you receive the event application.completed.
Python
1def get_bundle(self, application_id):
2 token = {
3 "name": "webhook-name",
4 "secret": "webhook-secret",
5 "identifier": "webhook-identifier"
6 }
7
8 method = 'GET'
9 body = ''
10 root_url = 'https://credfin.io'
11 path = '/api/applications/{}/bundle'.format(application_id)
12 timestamp = datetime.datetime.utcnow().strftime(
13 "%a, %d %b %Y %H:%M:%S GMT")
14 contentType = 'application/json'
15
16 hash = hashlib.md5(body.encode())
17 contentMD5 = b64encode(hash.digest()).decode('utf-8')
18 message_parts = [method, contentMD5, contentType, timestamp, path]
19 message = '\n'.join(message_parts)
20
21 signature = hmac.new(bytes(token['secret'], 'latin-1'),
22 bytes(message, 'latin-1'), digestmod=hashlib.sha256)
23 hmac_base64 = b64encode(signature.digest()).decode('utf-8')
24
25 headers = {
26 'Date': timestamp,
27 'Content-MD5': contentMD5,
28 'Content-Type': contentType,
29 'Authorization': 'HMAC {}:{}'.format(token['identifier'], hmac_base64)
30 }
31
32 request = requests.Request(
33 'GET', '{}{}'.format(root_url, path),
34 data=body, headers=headers)
35 prepped = request.prepare()
36 prepped.headers = headers
37
38 with requests.Session() as session:
39 response = session.send(prepped)
40
41 if response.status_code != 200:
42 print("Bad status code: {}".format(response.status_code))
43 print("Bad status: {}".format(response.text))
44 print(root_url, path)
45 raise()
46
47 print('Retrieved bundle')
48 bundle = response.json()
49 return bundle
Javascript
1async function getFromAPI(path) {
2 const token = {
3 name: 'xxxx',
4 secret: 'xxxx',
5 identifier: 'xxxx',
6 };
7
8 const method = 'GET';
9 const body = '';
10
11 const root = 'https://credfin.io';
12 const timestamp = new Date().toUTCString();
13 const contentType = 'application/json';
14
15 const hash = crypto.createHash('md5');
16 hash.update(body);
17 const contentMD5 = hash.digest('base64');
18
19 const messageParts = [method, contentMD5, contentType, timestamp, path];
20 const message = messageParts.join('\n');
21
22 const hmac = crypto.createHmac('sha256', token.secret);
23 hmac.update(message);
24 const hmacBase64 = hmac.digest('base64');
25
26 const headers = {
27 Date: timestamp,
28 'Content-MD5': contentMD5,
29 'Content-Type': contentType,
30 Authorization: `HMAC ${token.identifier}:${hmacBase64}`,
31 };
32
33 const response = await fetch(root + path, {
34 method,
35 headers,
36 body: body == '' ? null : body,
37 });
38
39 if (!response.ok) {
40 throw new Error(await response.text());
41 }
42
43 return response;
44}
PHP
1public function rawApiCall($identifier, $secret, $method, $path, $body = '')
2{
3 $now = now();
4 $token = [
5 'secret' => $secret,
6 'identifier' => $identifier,
7 ];
8 $root = 'https://credfin.io';
9
10 $timestamp = $now->format('D, d M Y H:i:s')
11 $contentType = 'application/json';
12 $hash = md5($body, true);
13 $contentMD5 = base64_encode($hash);
14 $messageParts = [
15 $method,
16 $contentMD5,
17 $contentType,
18 $timestamp,
19 $path,
20 ];
21 $message = implode("\n", $messageParts);
22 $hash = hash_hmac('sha256', $message, $token['secret'], true);
23 $hmacBase64 = base64_encode($hash);
24 $headers = [
25 'Date' => $timestamp,
26 'Content-MD5' => $contentMD5,
27 'Content-Type' => $contentType,
28 'Authorization' => 'HMAC '.$token['identifier'].':'.$hmacBase64,
29 ];
30 $response = $this->client->request($method, $root.$path, [
31 'verify' => false,
32 'body' => $body ? $body : null,
33 'headers' => $headers,
34 'timeout' => 15
35 ])->getBody()->getContents();
36 $bytes = strlen($body);
37 $secondsToRun = $now->diffInSeconds(now());
38 return $response;
39}