If you are on this page, we assume that:
You already have an access key;

Have knowledge on how to perform HTTP requests (for the RESTfull endpoints).

To make calls to our APIs is necessary first authenticate the request.

We think security on the web is pretty important, and recommend using HTTPS whenever possible. As part of our efforts to make the web more secure, we’ve made all of the Maplink APIs available over HTTPS. Using HTTPS encryption makes your site more secure, and more resistant to snooping or tampering.

You have two ways to authenticate the request, generating a signature for each request or passing the token in request.

A valid request with signature is composed of:

  • Request URL: service base url / version / service ? query string
  • e.g. http://api.maplink.com.br/v0/search?q=hotel

  • Application code parameter
  • e.g.&applicationCode=yourApplicationCode

  • Signature parameter
  • e.g.&signature=theCalculatedSignature


Mandatory parameters for a signed request
Parameter
Value
Description
applicationCode
your client application code
Indicates the client public key
signature
the signature of this request
The signature calculated based on the request URL ( path and query )

http://api.maplink.com.br/version/service/resource?parameters=values&applicationCode=[APPLICATION_CODE]&signature=[SIGNATURE]

The authentication process is done upon one way cryptographic hash using the client token as the private key. Below the steps to generate the signature of your request: (examples bellow each step)

  • Build the url of the request with the application code parameter
  • http://api.maplink.com.br/v0/search?q=Brasil&applicationCode=MyAppCode

  • Take the path and the query from this url (and the request body if POST request)
  • /v0/search?q=Brasil&applicationCode=MyAppCode GET request
    /v0/search?q=Brasil&applicationCode=MyAppCode[request_body] POST request

  • Replace the ‘-’ character with ‘+’, and ‘_’ with ‘/’ on your token
  • "token-With-Invalid_Characters" becomes: "token+With+Invalid/Characters"

  • Generate the signature using the HMAC-SHA1 algorithm and the client token as key
  • Token example: c29tZSB2YWxpZCB0b2tlbg==
    Signature generated using the request and token above: 79D7t0uEZU9CliTfJVZ5X/ORYss=

  • Make the signature url-safe, replacing ‘+’ with ‘-’ and ‘/’ with ‘_’
  • The signature "79D7t0uEZU9CliTfJVZ5X/ORYss=" becomes: "79D7t0uEZU9CliTfJVZ5X_ORYss="

  • Add the signature parameter with the result obtained above
  • http://api.maplink.com.br/v0/search?q=Brasil&applicationCode=MyAppCode&signature=79D7t0uEZU9CliTfJVZ5X_ORYss=

You can see some examples of how generate signature in differents languages in the tab examples.

Examples of how to generate signature in C#, Python, Java and Node

Using your credentials (application code and token/key), you can generate the signature for ad hoc testing. Fill the fields bellow with the desired API call and the credentials and press “generate signature”. A link for the API with the authentication parameters properly built, will be shown.





You can also use your token directly in the request to authenticate, however, it’s not recommended if you had not enable IP and domain validations (contact us if you need help to do it)

The request will be composed of:

  • Request URL: Base service URL + version + desired query and parameters to be used in the search;
  • Token;


Parameter
Value
Description
token
your token
token provided by the maplink team

http://api.maplink.com.br/version/service/resource?parameters=values&token=[TOKEN]