I get the error {« code »: »1002″, »message »: »Authorization error: Full authentication is required to access this resource »}. What should i do ?

The message {« code »: »1002″, »message »: »Authorization error: Full authentication is required to access this resource »} indicates an Authentication problem.

Indeed, the API money platform needs to authenticate the platform that initiated the request (your server).

You can start with an easy request of type GET, without « body », such as GET/accounts
In addition, this will allow you to get your Partner Account IDentifier, already created in the system (https://www.api-money.com/docs/#Accountservices-Createanaccount-Standard & https://www.api-money.com/docs/#Overview-Authentication).

Below is a step by step and detailed example of request building, using the following test parameters :

1°) First step : « StringToSign »

The first step consists in building the « message » to sign.

StringToSign = api_access_key:timestamp:version:
=> StringToSign = k1rXpphkRG!2-Fox::1:

Note / Warning  :

The timestamp (unix) indicates the number of seconds since midnight 1st January 1970 GMT (cf. http://www.timestamp.fr).
In API-money request, you have to indicate the timestamp – in milliseconds – related to the time your server sent the request to API-money platform (please check the date and time / clock of your server) .

2°) Second step : « Sign »

The second step is about how to calculate the HMCA (SHA256) from the « message » to sign and the secret key.
The HMAC guarantee the integrity of the message.

Sign = HMAC-SHA256(StringToSign, api_secret_key)
Sign = HMAC-SHA256(k1rXpphkRG!2-Fox::1:,E0!oYfVpA6-noiqGr-pT7AJ2ybT4r7lx)
=> Sign =

You can check the calculation of the HMAC by using, for example, the tool : https://www.freeformatter.com/hmac-generator.html#ad-output :

3°) Third step ; Request (in theory)

Now you just need to generate and send the request to the URL of the platform 

GET /accounts
Authorization : AUTH api_access_key:timestamp:version:Sign

=>
GET /accounts
Authorization : AUTH k1rXpphkRG!2-Fox::1:

4°) Fourth step ; Request (in practice : exmple with CURL) 

To check if the request works properly, you can use the following CURL instruction :

curl -i -H « Authorization: AUTH k1rXpphkRG!2-Fox::1: » -X GET https://test-emoney-services.w-ha.com/api/accounts

CAREFUL : this request is available only for 1 hour in the test environment (sandbox) !

You should get a result that look like this :

[{« id »: »AS-0895358735216643″, »type »: »STANDARD », »status »: »ACTIVE », »creationDate »: »2017-09-20T16:23:45+0200″, »tag »: »account_type1″, »kyc_level »: »LEVEL_1″},{« id »: »AS-5205597398211593″, »type »: »STANDARD », »status »: »ACTIVE », »creationDate »: »2017-09-15T15:41:28+0200″, »tag »: »Test Fabien », »kyc_level »: »LEVEL_1″}]