2.2.1.Authorization

This authorization check must be done for all calls, except the shipping method request.

Example:

function microtime_float()
{
    list($usec, $sec) = explode(" ", microtime());
    return ((float)$usec + (float)$sec);
}
 
//get full url of the call
$api_key = 'Your stored Qwindo API Key';// This can be found within your website profile at Qwindo Control
$url = get_current_url(); // This should be the full URL including parameters
$hash_id = 'Your stored HASH ID'; // This can be found within your website profile at Qwindo Control
$timestamp = microtime_float();
$auth = explode('|', base64_decode($header['Auth']));
$message = $url.$auth[0].$hash_id;
$token = hash_hmac('sha512', $message, $api_key);
 
 
 
//in this check you can count the diff between your timestamp and the timestamp of the call. If the timestamp is grater than etc 10 //seconds you reject the call (key will be valid only for just some time.)
if($token !== $auth[1] and round($timestamp - $auth[0]) > 10)
{
    //not valid call
} else {
    //valid call
}

For more information about obtaining the authorisation keys, please go to Feed Setup.

Connection
For Qwindo Requests we require the feed URL to be on a SSL secure connection, meaning a valid and signed SSL certificate must be in place.

Suggest Edit