EMail SupportWindows Support / Mac Support Support-Hotline: +1 (702) 997-7672

(emergency support 24/7/365 | user help Mon - Fri 8AM - 6PM PST)

API Authentication

26
Jul

API Access

The API is proved through REST web services. The default format is standard JSON. Access to the API is only granted to verified applications. Each application owns its public application ID and its private secret. Each application can access multiple KORONA.pos Cloud accounts. Applications need to have a token for every account.

Get Access Token

This action has to be performed once for each account. The token should always be kept private and only be stored on the server side.

Requirements:

  • Application ID
  • Application Secret
  • Api Key

Acquire Token

HTTP GET Request:

https://128.koronacloud.com/api/v1/auth/{application ID}/{secret}/{Api Key}

Result:

{token}

Example

HTTP GET Request:

https://128.koronacloud.com/api/v1/auth/017b4179-b8f2-4226-b7ae-764f97e42bef/ksdj38slken98sn3o/01aidlrxffxtan0gqqv2b9kh5me01o62qt5r4sjka01mvck502cdgvy

Result:

01kfx78l43nh8q01w6p45zll9c2c1odm6f4cvpfsm010utjh3gw4rd9

Example Code (PHP)

$appId = "017b4179-b8f2-4226-b7ae-764f97e42bef";
$secret = "ksdj38slken98sn3o";

$apiKey = "01aidlrxffxtan0gqqv2b9kh5me01o62qt5r4sjka01mvck502cdgvy";

$koronaApiUrl = "https://128.koronacloud.com/api"

$token = file_get_contents("$koronaApiUrl/v1/auth/$appId/$secret/$apiKey");

echo "token: $token";

Data Security

In order to protect sensitive data Combase requires the following behavior for any application using the Korona.pos Cloud API.

  • Application Secret must remain private and should only be accessible by the application developer/owner.
  • API Keys should only be accessible by the account owner and the application developer/owner. It should only be used to acquire an API token and neither stored nor used at any later time.
  • Cookies, client side storage or client side URLs must not contain application secret or API token at any time!

Use Token

In order to perform any further API calls which access data of a particular account the token will always be required.

HTTP API Request:

https://128.koronacloud.com/api/v1/{token}/{request}

Follow the API Data Calls Tutorial to find out about how to fetch data using the API token.