API docs - Portal Venta en Verde Lider.cl
API docs - Portal Venta en Verde Lider.cl

# Headers and digital sign

# Auth Headers

 WM_CONSUMER.ID:<your_consumer_id> WM_SEC.KEY_VERSION: <your_key_version> WM_CONSUMER.INTIMESTAMP: <current_timestamp>(1634072114016) WM_SEC.AUTH_SIGNATURE: <your_signature_genereated> x-api-key:<your_api_key>

WARNING

Each of the header values obtained are one and only specific to public key, and cannot be shared across different env´s(Development or Production) , please check with soporteb2b@walmart.com to register additional public keys if necessary.

Check with soporteb2b@walmart.com for migration if you don´t have one or lost below header values
WM_CONSUMER.ID:<your_consumer_id>
WM_SEC.KEY_VERSION: <your_key_version>
x-api-key:<your_api_key>

# Signature Generation

Supplier/Vendor application needs to generate a signature based on its private key at runtime, and send it along with the request to the provider application.

Following is the signature generation logic:

  1. Create a string with the VALUES of the following header elements, (as mentioned from step 2).

WM_CONSUMER.ID (Your Consumer Id)
WM_CONSUMER.INTIMESTAMP (Current Time, Unix Epoch in Millisecond)
WM_SEC.KEY_VERSION (Private key Version)

  1. Concatenate above headers delimited by a "New Line Character (\n)".

The format and the order of the string must be as follows. This order is important for validation, and they must be alphabetically sorted.

Format:
<WM_CONSUMER.ID>\n<WM_CONSUMER.INTIMESTAMP>\n<WM_SEC.KEY_VERSION>\n

Example : WM_CONSUMER.ID : 83f82845-f12c-48ae-a7a6-8a9b0461c3ab WM_CONSUMER.INTIMESTAMP : 1440058729000 WM_SEC.KEY_VERSION : 1

Format :
83f82845-f12c-48ae-a7a6-8a9b0461c3ab\n1440058729000\n1\n
  1. The string constructed above needs to be signed using SHA256/RSA and encoded using Base64 using the private key issued during consumer onboarding. The encoded string needs to be added to the request header "WM_SEC.AUTH_SIGNATURE" .

The signature has 5 minutes TTL after which it expires, and the request fails with UNAUTHORIZED status response.

# GET /ping

URL: https://developer.api.us.walmart.com/api-proxy/service/mercuriocl/supplierapi/v1/ping

URL (Sandbox): https://developer.api.us.stg.walmart.com/api-proxy/service/mercuriocl/supplierapi/v1/ping

WARNING

Use Sandbox url only for development or testing.

  • On successful authentication of following curl sample (Note: sandbox url)
curl -v -X GET "https://developer.api.us.stg.walmart.com/api-proxy/service/mercuriocl/supplierapi/v1/ping" \
-H 'WM_CONSUMER.ID: <consumerid generated while registering a consumer>'\
-H 'WM_CONSUMER.INTIMESTAMP: <generated while inviking the api>'\
-H 'WM_SEC.KEY_VERSION: <key version generated while registering a consumer>'\
-H 'WM_SEC.AUTH_SIGNATURE: < Generated as describedin signature Generation >'\
-H 'x-api-key: <generated while registering a consumer>'
  • will respond 200 with below response format
{"pong":1634235113351}