Go tohttps://www.epochconverter.comand get the current timestamp. This will be constantly changing, but our system doesn't care that the time matches the actual time. The API only cares that the hashes match when supplied with the timestamp from the client.
Go tohttps://dotnetfiddle.netand copy in the following:
using System;
using System.Security.Cryptography;
using System.Text;
public class Program
{
public static void Main()
{
byte[] messageBytes = ASCIIEncoding.ASCII.GetBytes(string.Format("{0}{1}{2}", "COID", "d234094f-a8de-482f-ba08-c24a096d52d5", "1663276713"));
HMACSHA256 hashFunction = new HMACSHA256(Convert.FromBase64String("f2fHmNK6wcj7SMZHC3qXxIo/3wFZQVBLOpvETwAC3JY="));
byte[] computedHash = hashFunction.ComputeHash(messageBytes);
string test = Convert.ToBase64String(computedHash);
Console.WriteLine(string.Format("{0}{1}", "COID:d234094f-a8de-482f-ba08-c24a096d52d5:1663276713:", test));
}
}
Replace where it says timestamp (leaving the quotes) with the timestamp you generated. Go to API Maintenance in the admin area of MarketSharp. Replace CoID with the company ID, userkey with the API user key, and secretkey with the secret key (leaving the quotes for each). Run it and it'll generate a hash for you.
In Postman, create a request. Leave authorization as No Auth. In headers enter in "Authorization" as the key, and for the value it will be (replacing as necessary) CoID:userkey:timestamp:hash Leave the method as Get and put inhttps://api4.marketsharpm.com/WcfDataService.svc/Contacts('contactoid')for the address. Replace contactoid with a valid contact oid. Hit send and you should get valid data in the body.
If for some reason you're in the backend and need to verify that a secretkey matches what the UI is showing, you can copy secretkey from the apikey table, and paste it intohttp://tomeko.net/online_tools/hex_to_base64.phpto get the secret key the UI should be showing.