Global Error Codes
200 OK |
The request was a success. |
400 Bad Request |
Something was wrong with the request. Unless there was a problem with the construction of the request headers a response body will explain what went wrong. |
403 Forbidden |
Either you are using invalid credentials or you do not have access to the requested resource. |
404 Page Not Found |
You specified an ID or section that does not exist. For example you may have specified an id of a member to fetch and that ID is invalid. |
409 Confict |
The request conflicts with a prior request. |
500 Internal Error |
Something went wrong on our end. We’re likely aware of it however if you notice a pattern please let us know. |
501 Not Implemented |
The requested HTTP Method (GET/POST/PUT/DELETE) and Service call combination does not exist. |
Authentication
Lenddo’s REST API utilizes the widely-used Amazon standard for authentication. Authentication with the member service requires a signed string affixed to an Authentication header.
Data required for signing a request
-
Date - Formatted as such: “Mon Jan 01 HH:MM:SS GMT 2013”
- You also need to put this exact date string as the Date Header
- HTTP Method - (GET, POST, PUT, DELETE..)
- Body - NULL if HTTP Method is not POST or PUT. This is the data being sent to the server.
-
PATH - the path of the request after the host - for example: /Members/0123456789abcdef01234567
- The prefixed slash is required.
- Trailing slashes will result in a failed authorization.
-
API Key - the API Key that we provide you.
- For purposes of this documentation the ID will be be22ce0b9875611d10606e1a
-
API Secret - the API Secret that we provide you.
- For purposes of this documentation the Secret will be $2a$10$Ik0yU.RmEsI8Pr1lLVgTn.SPdFIA2tcoy/frKl3rUcTVD5GvYimli
Building the signed request
- If there is a Body present, perform a MD5 operation on it.
-
Build the String to Sign:
HTTP_METHOD + “\n” + BODY_MD5 + “\n” + DATE + “\n” + PATH
Some Examples:
- a. “GETMon Jan 01 HH:MM:SS GMT 2013/Members/0123456789abcdef01234567”
- b. “POSTe9d263d07a1533984e80ef808bd4efffMon Jan 01 HH:MM:SS GMT 2013/Members”
- c. “PUT96db961798e74718065e7a06d6d14110Mon Jan 01 HH:MM:SS GMT 2013/Members/0123456789abcdef01234567”
-
Perform a hash-hmac/sha1 hashing operation on the string you just built.
- The output of this should be binary/raw and not hexits.
- Base64 Encode the hashed string.
-
Prefix the identifier to the Authorization scheme - this is as follows:“LENDDO “ + API_ID + “:”
- if your API_ID is “be22ce0b9875611d10606e1a” your identifier will be“LENDDO be22ce0b9875611d10606e1a:”
Examples
- For the GET example above the output would be:LENDDO be22ce0b9875611d10606e1a:l6PxyV73V226B2XvaBsoWaE++Fo=
- For the POST example above the output would be:LENDDO be22ce0b9875611d10606e1a:FnSfYYxU+RTJnSr/48yLYgk1eQ0=
- For the PUT example above the output would be:LENDDO be22ce0b9875611d10606e1a:ahByLYh9Wc3yh1F+N9iLFA7B12w=
PHP Example
$date = date("D M j G:i:s T Y");
function signRequest($method, $body, $date, $url) {
$contentMd5 = NULL;
if( !empty( $body ) ) {
$contentMd5 = md5( $body );
}
$stringToSign = $method . "\n" . $contentMd5 . "\n" . $date . "\n" . $url;
$string = "LENDDO " . static::$_apiId . ":";
$string .= base64_encode(
hash_hmac( "sha1", $stringToSign, static::$_apiSecret, TRUE )
);
return $string;
}