Authentication

Use the login method for the authentication process in the 2Checkout system.

Parameters

Type/Description

merchantCode

Required (string)

Your merchant identifier (received from 2Checkout).

date

Required (string)

UTC ISO Date format (e.g. 2010-01-01 12:13:14)

hash

Required (string)

Calculated HMAC SHA256 signature based on MerchantCode and Date, using your secret key (see example below).

Response

Parameter

Type/Description

sessionID

string

Session identifier string. An exception will be thrown if the values are incorrect. The sessionID expires in 10 minutes.

Request

To create the HMAC_SHA256 source string, use your merchant code and the date of the request, prefixing them with the length in bytes of each respective value, along with your account’s secret key (for UTF-8 characters, the length in bytes might be longer than the string length). For example:

Parameters

Type/Description

merchantCode

Avangate

8AVANGATE

date

2010-05-13 12:12:12

192010-05-13 12:12:12

HMAC source string

8AVANGATE192010-05-13 12:12:12

Secret key

SECRET_KEY

Calculated HMAC_SHA256 signature based on MerchantCode and Date, using your secret key: bf763db7d333e9c3038698cf59ada3e6.

Request Example

example.php

<?php

/**
 * @throws JsonException
 */
function callRPC($Request, $hostUrl)
{
    $curl = curl_init($hostUrl);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_SSLVERSION, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Accept: application/json']);
    $RequestString = json_encode($Request, JSON_THROW_ON_ERROR);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $RequestString);

    $ResponseString = curl_exec($curl);

    if (!empty($ResponseString)) {
        $Response = json_decode($ResponseString, false, 512, JSON_THROW_ON_ERROR);
        if (isset($Response->result)) {
            return $Response->result;
        }
        if (!is_null($Response->error)) {
            echo("Method: {$Request->method}" . PHP_EOL);
            echo("Error: {$Request->error}" . PHP_EOL);
        }
    } else {
        return null;
    }

    return null;
}

$host = 'https://api.avangate.com/channel-manager/2.1/rpc/';

$merchantCode = "YOUR_MERCHANT_CODE";// your account's merchant code available in the 'System settings' area of the cPanel: https://secure.2checkout.com/cpanel/account_settings.php
$key = "YOUR_SECRET_KEY";// your account's secret key available in the 'System settings' area of the cPanel: https://secure.2checkout.com/cpanel/account_settings.php

$string = strlen($merchantCode) . $merchantCode . strlen(gmdate('Y-m-d H:i:s')) . gmdate('Y-m-d H:i:s');
$algo = 'sha256';
$hash = hash_hmac($algo, $string, $key);

$i = 1; // counter for api calls
// call login
$jsonRpcRequest = new stdClass();
$jsonRpcRequest->jsonrpc = '2.0';
$jsonRpcRequest->method = 'login';
$jsonRpcRequest->params = [$merchantCode, gmdate('Y-m-d H:i:s'), $hash, $algo];
$jsonRpcRequest->id = $i++;

try {
    $sessionID = callRPC($jsonRpcRequest, $host);
    echo("Auth token: {$sessionID}" . PHP_EOL);
} catch (JsonException $e) {
    echo("Error: {$e->getMessage()}" . PHP_EOL);
}

Errors

Error

Description

AUTHENTICATION_FAILED

Authentication failed

FORBIDDEN

Forbidden area

PreviousJSON-RPC 2.1 NextWorkflow

Last updated 5 months ago

Was this helpful?

example.php

<?php

/**
 * @throws JsonException
 */
function callRPC($Request, $hostUrl)
{
    $curl = curl_init($hostUrl);
    curl_setopt($curl, CURLOPT_POST, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($curl, CURLOPT_SSLVERSION, 0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($curl, CURLOPT_HTTPHEADER, ['Content-Type: application/json', 'Accept: application/json']);
    $RequestString = json_encode($Request, JSON_THROW_ON_ERROR);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $RequestString);

    $ResponseString = curl_exec($curl);

    if (!empty($ResponseString)) {
        $Response = json_decode($ResponseString, false, 512, JSON_THROW_ON_ERROR);
        if (isset($Response->result)) {
            return $Response->result;
        }
        if (!is_null($Response->error)) {
            echo("Method: {$Request->method}" . PHP_EOL);
            echo("Error: {$Request->error}" . PHP_EOL);
        }
    } else {
        return null;
    }

    return null;
}

$host = 'https://api.avangate.com/channel-manager/2.1/rpc/';

$merchantCode = "YOUR_MERCHANT_CODE";// your account's merchant code available in the 'System settings' area of the cPanel: https://secure.2checkout.com/cpanel/account_settings.php
$key = "YOUR_SECRET_KEY";// your account's secret key available in the 'System settings' area of the cPanel: https://secure.2checkout.com/cpanel/account_settings.php

$string = strlen($merchantCode) . $merchantCode . strlen(gmdate('Y-m-d H:i:s')) . gmdate('Y-m-d H:i:s');
$algo = 'sha256';
$hash = hash_hmac($algo, $string, $key);

$i = 1; // counter for api calls
// call login
$jsonRpcRequest = new stdClass();
$jsonRpcRequest->jsonrpc = '2.0';
$jsonRpcRequest->method = 'login';
$jsonRpcRequest->params = [$merchantCode, gmdate('Y-m-d H:i:s'), $hash, $algo];
$jsonRpcRequest->id = $i++;

try {
    $sessionID = callRPC($jsonRpcRequest, $host);
    echo("Auth token: {$sessionID}" . PHP_EOL);
} catch (JsonException $e) {
    echo("Error: {$e->getMessage()}" . PHP_EOL);
}