Security

Token checking

If a the Marketplace server send you a notice, this API allows you to cryptographically verify that the Marketplace really sent you that notice.

POST /notices

Request

Parameters:
  • qs – In some cases the Marketplace may redirect to a URL on your server. This parameter is the complete query string (after the ‘?’) that the Marketplace sent to you. Example: result=success&transaction_id=123&sig=0:1bcde2f3fccdd...

Response

If the signature of the notice is correct you can trust that all values in the query string were sent to you by the the Marketplace service.

Parameters:
  • result – Result of the signature check. Possible values: OK, FAIL.
  • reason – In the case of a failure, this is the reason why.

A successful signature check results in this:

{
  "result": "OK",
}

A failed signature check looks like this (this is a 200 response):

{
  "result": "FAIL",
  "reason": "signature mismatch"
}

In case of an error:

{
  "code": "InvalidArgument",
  "message": {
    "qs": "This field is required."
  }
}
Status Codes:
  • 200 – success.
  • 409 – conflict.