The Pass2Wallet API uses API Keys for authentication that are tied to a specific user account.
Restrictions to your user account also apply to the API key which means that if you have only access to certain templates, you’ll obviously only see these templates, even if your Customer account contains more. The API Key needs to be passed in the Authorization HTTP Header (see below for details).
Obtaining an API Key
To obtain an API Key, log in to your Pass2Wallet account https://wallet.boostcommerce.com.au/en/login and go to Integrations → API Keys
Click on the button to create a new API Key and enter a friendly name in the form that is shown now. The name will allow you to know what you’ve used the Key for.
After you click on “Create”, the system will show you the API key that has been generated. Due to the nature of how API Keys are stored this Key can’t be restored.
If you should ever lose your API Key, please generate a new one.
Using the API Key
To authenticate and authorize yourself when using the Pass2Wallet API, you need to pass the API Key in the Authorization Header of the HTTP request.
The syntax is like this:
Authorization: <your-api-key>
Best practice
We suggest to stick to a least privilege concept when creating API Keys. This means that if you are building an integration that should only have access to a certain pass-template, we suggest to create a service user (a separate login), that is restricted to just this template.
Create an API key for just that user instead of using one that has access to all data in your account.
Examples
The following are examples on how to set the Authorization header in a couple of different programming languages.
PHP
<?php
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_URL => "http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "GET",
CURLOPT_POSTFIELDS =>"{\n\t\"pushNotificationText\": \"This comes from the API!\"\n}",
CURLOPT_HTTPHEADER => array(
"Authorization: <your-api-key>",
"Content-Type: application/json"
),
));
$response = curl_exec($curl);
curl_close($curl);
echo $response;
cURL
curl --location --request GET 'http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring' \
--header 'Authorization: <your-api-key>'
C
CURL *curl;
CURLcode res;
curl = curl_easy_init();
if(curl) {
curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "GET");
curl_easy_setopt(curl, CURLOPT_URL, "http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring");
curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: <your-api-key>");
headers = curl_slist_append(headers, "Content-Type: application/json");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
const char *data = "{\n \"pushNotificationText\": \"This comes from the API!\"\n}";
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
res = curl_easy_perform(curl);
}
curl_easy_cleanup(curl);
GO
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring"
method := "GET"
payload := strings.NewReader("{\n \"pushNotificationText\": \"This comes from the API!\"\n}")
client := &http.Client {
}
req, err := http.NewRequest(method, url, payload)
if err != nil {
fmt.Println(err)
}
req.Header.Add("Authorization", "<your-api-key>")
req.Header.Add("Content-Type", "application/json")
res, err := client.Do(req)
defer res.Body.Close()
body, err := ioutil.ReadAll(res.Body)
fmt.Println(string(body))
}
Node.js
var http = require('follow-redirects').http;
var fs = require('fs');
var options = {
'method': 'GET',
'hostname': 'wallet.boostcommerce.com.au',
'path': '/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring',
'headers': {
'Authorization': '<your-api-key>',
'Content-Type': 'application/json'
},
'maxRedirects': 20
};
var req = http.request(options, function (res) {
var chunks = [];
res.on("data", function (chunk) {
chunks.push(chunk);
});
res.on("end", function (chunk) {
var body = Buffer.concat(chunks);
console.log(body.toString());
});
res.on("error", function (error) {
console.error(error);
});
});
var postData = JSON.stringify({"pushNotificationText":"This comes from the API!"});
req.write(postData);
req.end();
Objective-C
#import <Foundation/Foundation.h>
dispatch_semaphore_t sema = dispatch_semaphore_create(0);
NSMutableURLRequest *request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring"]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:10.0];
NSDictionary *headers = @{
@"Authorization": @"<your-api-key>",
@"Content-Type": @"application/json"
};
[request setAllHTTPHeaderFields:headers];
NSData *postData = [[NSData alloc] initWithData:[@"{\n \"pushNotificationText\": \"This comes from the API!\"\n}" dataUsingEncoding:NSUTF8StringEncoding]];
[request setHTTPBody:postData];
[request setHTTPMethod:@"GET"];
NSURLSession *session = [NSURLSession sharedSession];
NSURLSessionDataTask *dataTask = [session dataTaskWithRequest:request
completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
if (error) {
NSLog(@"%@", error);
} else {
NSHTTPURLResponse *httpResponse = (NSHTTPURLResponse *) response;
NSError *parseError = nil;
NSDictionary *responseDictionary = [NSJSONSerialization JSONObjectWithData:data options:0 error:&parseError];
NSLog(@"%@",responseDictionary);
dispatch_semaphore_signal(sema);
}
}];
[dataTask resume];
dispatch_semaphore_wait(sema, DISPATCH_TIME_FOREVER);
Swift
import Foundation
var semaphore = DispatchSemaphore (value: 0)
let parameters = "{\n\t\"pushNotificationText\": \"This comes from the API!\"\n}"
let postData = parameters.data(using: .utf8)
var request = URLRequest(url: URL(string: "http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring")!,timeoutInterval: Double.infinity)
request.addValue("<your-api-key>", forHTTPHeaderField: "Authorization")
request.addValue("application/json", forHTTPHeaderField: "Content-Type")
request.httpMethod = "GET"
request.httpBody = postData
let task = URLSession.shared.dataTask(with: request) { data, response, error in
guard let data = data else {
print(String(describing: error))
return
}
print(String(data: data, encoding: .utf8)!)
semaphore.signal()
}
task.resume()
semaphore.wait()
Ruby
require "uri"
require "net/http"
url = URI("http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring")
http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)
request["Authorization"] = "<your-api-key>"
request["Content-Type"] = "application/json"
request.body = "{\n\t\"pushNotificationText\": \"This comes from the API!\"\n}"
response = http.request(request)
puts response.read_body
Python
import requests
url = "http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring"
payload = "{\n\t\"pushNotificationText\": \"This comes from the API!\"\n}"
headers = {
'Authorization': '<your-api-key>',
'Content-Type': 'application/json'
}
response = requests.request("GET", url, headers=headers, data = payload)
print(response.text.encode('utf8'))
Java (OkHttp)
OkHttpClient client = new OkHttpClient().newBuilder()
.build();
Request request = new Request.Builder()
.url("http://wallet.boostcommerce.com.au/api/pass/search/ab6427b6-26c9-4184-9e7b-7f2e4b2453ac/searchstring")
.method("GET", null)
.addHeader("Authorization", "<your-api-key>")
.addHeader("Content-Type", "application/json")
.build();
Response response = client.newCall(request).execute();