Overview

In order to connect to this API, a Private key needs to be calculated by the Partner and sent for each request.

Every partner, who want to consume services exposed by the ACCOR Payment API, should send the signature as a parameter on the body of the http request.

 

How to generate a HMAC SHA Key ?

The partner must implement the algorithm described below to generate a SHA Key for each request.

Hash Algorithm used: HMAC-256.

 

This is the implementation on JAVA

    public static String calculHmacShaSign256(Map < String, String > listParams, String key) {

        String result = "";

        try {

            String data = "";

            for (Entry < String, String > val: listParams.entrySet()) {

                if (val.getValue() != null &&

                    !StringUtils.isEmpty(val.getValue())) {

                    data = data + val.getKey().toUpperCase() + "=" +

                        val.getValue();

                }

            }

 

            final Charset asciiCs = Charset.forName("UTF-8");

            final Mac sha256_HMAC = Mac.getInstance("HmacSHA256");

            final ByteBuffer keyBuffer = asciiCs.encode(key != null ? key : "HmacSHA256");

            byte[] keyArray = Arrays.copyOfRange(keyBuffer.array(), keyBuffer.arrayOffset() + keyBuffer.position(), keyBuffer.arrayOffset() + keyBuffer.limit());

            final SecretKeySpec secret_key = new javax.crypto.spec.SecretKeySpec(keyArray, "HmacSHA256");

            sha256_HMAC.init(secret_key);

 

            sha256_HMAC.init(secret_key);

            final ByteBuffer dataBuffer = asciiCs.encode(data);

            byte[] dataArray = Arrays.copyOfRange(dataBuffer.array(), dataBuffer.arrayOffset() + dataBuffer.position(), dataBuffer.arrayOffset() + dataBuffer.limit());

 

            final byte[] mac_data = sha256_HMAC.doFinal(dataArray);

 

            for (final byte element: mac_data) {

                result += Integer.toString((element & 0xff) + 0x100, 16)

                    .substring(1);

            }

 

        } catch (NoSuchAlgorithmException e) {

            log.error(

                "An NoSuchAlgorithmException occured during the verifyShaSign256Key : {}",

                e.getMessage());

        } catch (InvalidKeyException e) {

            log.error(

                "An InvalidKeyException occured during the verifyShaSign256Key : {}",

                e.getMessage());

            e.printStackTrace();

        }

        return result;

 

    }

 

How to calculate the signature ?

The signature is based on the Algorithm defined above.

As parameter, this method needs 2 parameters:

  • listParams : Map object defined in the SHA Sign Calculation, combine key of the map as attribute name and Value of the map as the value defined of this attribute
  • key : the partner key provided below

 

Note: The key of the map is normally sorted by attribute name otherwise use TreeMap as object definition. You need to put in the TreeMap all not null and not empty parameters of a different type than Object or Array (i.e. : String, Integer, Number, ...) ordered alphabetically.

Also the map value should be convert as String before the calculation.

 

The partnerKey will be provided by ACCOR separately and securely to the Partner.

 

 

About us

We are far more than a worldwide leader. We are 300,000 hospitality experts placing people at the heart of what we do, and nurturing real passion for service and achievement beyond limits. We take care of millions of guests in our 5,000 addresses.