{% extends 'bundles/NelmioApiDocBundle/SwaggerUi/base.html.twig' %}

{% block content %}
    <div class="container pt-5 pb-5">

        <div class="shadow rounded p-3 mb-5">
            <h3>HMAC API Authentication</h3>

            <hr>

            <p class="mb-5"> To authenticate for any API call you will have to add 4 headers for each
                             request.</p>

            <ul class="list-group list-group-flush">
                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-api-key</code>
                    <p>API Key given by Paynetics</p>
                </li>

                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-type</code>
                    <p>Type will be given by Paynetics</p>
                </li>

                <li class="list-group-item">
                    <strong>Header: </strong> <code>x-timestamp</code>
                    <p>
                        Current UNIX timestamp. <br><br>
                    </p>
                </li>

                <li class="list-group-item mb-5">
                    <strong>Header: </strong> <code>x-hash</code>
                    <p>
                        HMAC sha256. Use secret key for hash vector. <br>
                        Body of the hash is formed by concatenating <br><br>
                        <kbd>API Key</kbd>+<kbd>Timestamp</kbd>+<kbd>Operation</kbd>+<kbd>Content Body <span
                                    class="text-danger">(Required: POST+PUT request)</span></kbd>
                    </p>
                </li>
            </ul>
        </div>

        <div class="shadow rounded p-3 mb-5">
            <h5><i>Hash Generation Examples: </i></h5>

            <ul class="list-group list-group-flush">
                <li class="list-group-item">
                    <strong>Get Request</strong> <br>
                    <code>HMAC_SHA256 with API Secret of </code><br>
                    <kbd>07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941cards_list</kbd>
                </li>

                <li class="list-group-item">
                    <strong>Post Request</strong> - Complete POST body which is sent <br>
                    <code>HMAC_SHA256 with API Secret of </code><br>
                    <kbd>07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941init_web{"openBankAccount":true,"issueCard":true}</kbd>
                </li>

                <li class="list-group-item">
                    <strong>Put Request</strong> - Complete PUT body which is sent <br>
                    <code>HMAC_SHA256 with API Secret of </code><br>
                    <kbd>07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941init_web{"name":"Paynetics"}</kbd>
                </li>

                <li class="list-group-item mt-5">
                    <strong class="text-underline">Important:</strong>
                    <ul class="list-group list-group-flush p-0 mt-3">
                        <li class="list-group-item bg-transparent">
                            <strong class="text-danger mb-3">Body content whitespaces will be omitted when comparing
                                                             hashes!</strong>
                            <p>
                                <strong>{ " name ": " Paynetics " }</strong> <i>will be</i>
                                <strong>{"name":"Paynetics"}</strong>
                            </p>

                        </li>
                        <li class="list-group-item bg-transparent">
                            <strong class="text-danger mb-3">Max request timestamp difference with current timestamp
                                                             is 15 seconds!</strong>
                            <p>
                                For example if request timestamp is 1591096701 and current timestamp is 1591096720
                                <br>
                                request will not be authorized!
                            </p>
                        </li>
                    </ul>
                </li>
            </ul>
        </div>

        <div class="shadow rounded p-3">

            <h5><i>Example cURL Request:</i></h5>

            <div class="code-box">
                <code>
                    curl -XGET -H 'x-api-key: {replace-with-api-key}' -H 'x-timestamp:
                    {replace-with-unix-timestamp}' -H 'x-hash: {replace-with-sha256-generated-hash}' -H
                    "Content-type: application/json" 'https://secure.payoo.cloud/v1/init'
                </code>
            </div>
        </div>

    </div>
{% endblock %}