The API uses an oauth2 JWT token for authentication. Currently it is possible to use a Resource owner password based flow to generate a token. The token is valid for 1.5 hours and must be refreshed after that time. The refresh token is valid for 2 weeks and for one refresh. The new refresh token is returned after each refresh.
Use https://my.ogoship.com server for token requests.
We only support form data and parameter data types (not json currently) for generating the token.
curl https://my.ogoship.com/OAuth/Token -d grant_type=password -d client_id=123456 -d client_secret=abcdef -d username=[merchantId] -d password=[secretToken] -d scope="read:order read:product write:product write:order"
You can find webhook models in the API description. API calls will have a "X-OGOship-Hmac-SHA256" header.
It will contain body of message HMACSHA256 calculated using Webhook key. Hash is then saved to header using Base64 encoding.
var bytes = Encoding.UTF8.GetBytes(webhookSecretKey);
var hmac = new HMACSHA256(bytes);
var hashString = Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(data)));
You can test everything with a demo 123456/abcdef account.
Before you wish to go live, request your own application ID & secret from our Tech team.
When authorizing Ogoship API in swagger:
You can find username & password from https://my.ogoship.com/merchant/edit/ -> integrations tab "API information".