Transaction sealing API operations (REST)
Important
To be able to use transaction sealing, parameter "Transaction sealing" must be set to "yes" in the "Service parameters" of your inWebo administration console.
If this parameter is not available/displayed in your console, please contact your sales representative at inWebo.
About "sealed data",
There is no fixed limit for the <data> parameters (containing hash values)
URL:SealVerify
https://api.myinwebo.com/FS?action=sealVerify + parameters
Mandatory parameters:
&serviceId= <id of the service> //integer
&userId=<login> //string
&token=<OTP received from the client app> //string
&data=<sealed data> //string
Optional parameters:
&format=json // allows to get the API response in json format instead of XML format
Response:
By default, response is in XML. It contains:
err: operation result (« OK » or « NOK:<cause> ;»)
name: name of the device that performed the sealing
alias: alias of the device that performed the sealing
version: version of the device that performed the sealing
platform: platform of the device (the one you passed to mAccess)
type: will be “mac” (your application developed with mAccess)
- timestamp: timestamp of the API call
If the ID of the service set in the URL is not valid the returned error code is: « NOK:srv unknown ». If the login set is not a valid login of the service the returned error code is: « NOK:account unknown ».
Other error codes:
NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
NOK:BadData: The data sealing in the OTP is different from the one sent in as an input parameter. Potential MITM.
NOK:FORBIDDEN: Sealing option is not authorized for your account. Contact inWebo Sales.
- NOK: other errors
Format of XML response:
<sealVerify>
<err>Error Code</err>
<name>appname</name>
<alias>device alias</alias>
<version>app version</version>
<platform>Platform</platform>
<type>mac</type>
<timestamp>timestamp</timestamp>
</sealVerify>
Format of JSON response:
{"err":"","name":"","alias":"","type":"","version":"","platform":"","timestamp":""}
sealDeferredVerify
URL:
https://api.myinwebo.com/FS?action=sealDeferredVerify + parameters
Mandatory parameters:
&serviceId= <id of the service> //integer
&userId=<login> //string
&token=<OTP received from the client app> //string
&data=<sealed data> //string
&date=<seal date> // timestamp unix (nombre de seconde depuis 01/01/1970)
Optional parameters:
&format=json // allows to get the API response in json format instead of XML format
Response:
By default, response is in XML. It contains:
err: operation result (« OK » or « NOK:<cause> ;»)
name: name of the device that performed the sealing
alias: alias of the device that performed the sealing
version: version of the device that performed the sealing
platform: platform of the device (the one you passed to mAccess)
type: will be “mac” (your application developed with mAccess)
- timestamp: timestamp of the API call
If the ID of the service set in the URL is not valid the returned error code is: « NOK:srv unknown ». If the login set is not a valid login of the service the returned error code is: « NOK:account unknown ».
Other error codes:
NOK:NoKey: user does not have a sealing key. This means that he has not activated your app
NOK:BadData: The data sealing in the OTP is different from the one sent in as an input parameter. Potential MITM.
NOK:FORBIDDEN: Sealing option is not authorized for your account. Contact inWebo Sales.
- NOK: other errors
Format of XML response:
<sealDeferredVerify>
<err>Error Code</err>
<name>appname</name>
<alias>device alias</alias>
<version>app version</version>
<platform>Platform</platform>
<type>mac</type>
<timestamp>timestamp</timestamp>
</sealDeferredVerify>
Format of JSON response:
{"err":"","name":"","alias":"","type":"","version":"","platform":"","timestamp":""}