Can't generate signature for Lazada's API in NodeJS

Question

I am trying to consume Lazada API through HTTP requests in NodeJS and it requires a signature as one of the parameters. To generate that, I'm using the js-256 package but for some reason I'm getting an IncompleSignature error.

The exact error message:

{ type: 'ISV',
  code: 'IncompleteSignature',
  message: 'The request signature does not conform to lazada standards',
  request_id: '0be6e79215428302067761224' }

My code:

var sha256 = require('js-sha256');


module.exports = function(app, Request){

    app.get('/', function(req,res){

        var access_token = "myToken";
        var app_key = "myAppKey";
        var order_id = "36835322434";
        var sign_method = "sha256";
        var timestamp = new Date().timestamp;

        var concatenatedString = "/order/items/getaccess_token"+access_token
        +"app_key"+app_key
        +"order_id"+order_id
        +"sign_method"+sign_method
        +"timestamp"+new Date().getTime();


        var hash = sha256.hmac.create("myAppSecret");
        hash.update(concatenatedString);

        var httpRequestLink = "http://api.lazada.co.th/rest/order/items/get?access_token="+access_token
        +"&app_key="+app_key
        +"&order_id="+order_id
        +"&sign_method="+sign_method
        +"&timestamp="+new Date().getTime()
        +"&sign="+hash.hex();

        Request.get(httpRequestLink, (error, response, body) => {
            if(error) {
                return console.log(error);
            }
            console.log(JSON.parse(body));
        }); 

    });

}

Would really appreciate if someone can help me out here. Thanks

Could you try changing the url from `http` to `https`? – Hossam El-Deen Nov 24 '18 at 12:36 — Hossam El-Deen, Nov 24 '18 at 12:36

score 1 · Answer 1 · answered Apr 15 '21 at 04:20

1

My code work perfectly with follow generate sign by this package.

const CryptoJS = require("crypto-js");
const config = require('config')
const LAZADA_SECRET_KEY = config.get("LAZADA_SECRET_KEY")


exports.encryptMessage = (path) =>
    new Promise((resolve, reject) => {
    const encryptMessage = CryptoJS.HmacSHA256(path, LAZADA_SECRET_KEY).toString(
        CryptoJS.enc.Hex,
    );

    let sign = encryptMessage.toUpperCase();

    return resolve(sign);
});

answered Apr 15 '21 at 04:20

May Noppadol

638
8
9

For others. From [this page](https://open.lazada.com/doc/doc.htm?spm=a2o9m.11193535.0.0.5e9038e4KXua74#?nodeId=10451&docId=108069) in the step 5. You can convert this line `hex(sha256(/order/getaccess_tokentestapp_key123456order_id1234sign_methodsha256timestamp1517820392000))` to `CryptoJS.HmacSHA256('/order/getaccess_tokentestapp_key123456order_id1234sign_methodsha256timestamp1517820392000', 'helloworld').toString(CryptoJS.enc.Hex).toUpperCase()`. You will get `4190D32361CFB9581350222F345CB77F3B19F0E31D162316848A2C1FFD5FAB4A` that is the same result like in the document. – Athachai Jan 11 '22 at 04:02

Sourabh Bhutani · Answer 2 · 2018-11-29T06:11:53.823

0

I'll suggest to add npm package lazada-open-platform-sdk url https://www.npmjs.com/package/lazada-open-platform-sdk.

You can easily call lazada api's by its functions and mostly all are integrated by them.For finanace and seller apis which are not integrated by package for that you can use access_token generated by generateAccessToken and call apis.

edited Nov 29 '18 at 06:11

answered Nov 29 '18 at 06:01

Sourabh Bhutani

623
11
21

Can't generate signature for Lazada's API in NodeJS

2 Answers2