Examples of Saison Connect API usage - Python

About the state transmission of authorization level

About the function scope of authorization level

🚧

About the encoding format of the payload

All payloads below that are sent to the Saison Connect API should be URL-encoded with urllib.parse.urlencode(payload).

Step 1: get authorization code

GET access (with browser): /auth/screen/:member/authorize

{
    "client_id": "ZT300",
    "response_type": "code",
    "scope": "foo,bar,blabla..." <- nullable
}

type in ID and PASSWORD

get authorization code -> https://apit.saisoncard.co.jp/demo/api/screen_token?code=[HERE IS THE CODE]

Step 2: get access token/refresh token

POST access (with browser or headless): /auth/token

{
    "X-API-VERSION": "1",
    "Content-type": "application/x-www-form-urlencoded; charset=UTF-8"
}
{
    "grant_type": "authorization_code",
    "client_id": "[Your client ID]",
    "client_secret": "[Your client secret]",
    "code": "[The code you got at Step 1]"
}

Step 3: do request

GET or POST access (with browser or headless): any endpoint other than the authorization endpoints

{
    "X-API-VERSION": "1",
    "Content-Type": "application/x-www-form-urlencoded",
    "authorization": "MAC id=\"[access_token]\" ts=\"[time_stamp]\" nonce=\"[nonce]\" mac=\"[mac]\""
}

About the authorization

| parameter_name | datatype | comments |
| --- | --- | --- |
| id | string | access_token |
| ts | uint (unix_timestamp) | timestamp |
| nonce | string | a random string matching the regex [0-9a-zA-Z]{10} (e.g. abcde12345) |
| mac | string | main information for authorization, generated by gen_mac |

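import base64
import hashlib
import hmac
import secrets
import string
import time

def gen_mac(mac_str, client_secret):
    # HMAC-SHA256 of mac_str keyed with the client secret, base64-encoded
    raw_signature = hmac.new(
        bytes(client_secret, "UTF-8"),
        msg=bytes(mac_str, "UTF-8"),
        digestmod=hashlib.sha256
    ).digest()

    b64_mac = base64.b64encode(raw_signature).decode("ascii")

    return b64_mac

# endpoint: a URL path without the protocol name (http(s)) and domain sections,
#           e.g. /auth/account/profile for TEB001
endpoint = "/auth/account/profile"
# timestamp: Unix timestamp, the same value sent as ts in the header
timestamp = int(time.time())
# nonce: 10 random alphanumeric characters, the same value sent as nonce
nonce = "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(10))

mac_str = "{}\n{}\nPOST\n{}\n{}\n{}\n\n".format(
    timestamp, nonce,
    endpoint, "apit.saisoncard.co.jp", 443
)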
📘

About the payload for accessing an endpoint

The actual payload format should follow the API interface definition;
below is an example.

{
    "data_flg": 1,
    "info_key": "card_meisho_sousho,birthday,sex,sex_name,add_cdA"
}
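
The URL-encoded payload, the Step 3 headers and the MAC construction described above, assembled into one unsent request. This is an added example, not part of the original page or Saison's own code. The credentials, the helper names new_nonce, mac_header and build_request, and signing with a method other than POST are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import string
import time
import urllib.parse
import urllib.request

HOST = "apit.saisoncard.co.jp"  # host and port exactly as used in the page's mac_str
PORT = 443
NONCE_ALPHABET = string.ascii_letters + string.digits

def new_nonce(length=10):
    """Alphanumeric nonce drawn from the OS CSPRNG (secrets, not random)."""
    return "".join(secrets.choice(NONCE_ALPHABET) for _ in range(length))

def gen_mac(mac_str, client_secret):
    """Base64 of HMAC-SHA256(client_secret, mac_str), same construction as the page."""
    digest = hmac.new(client_secret.encode(), mac_str.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode("ascii")

def mac_header(access_token, client_secret, endpoint, method="POST", ts=None, nonce=None):
    """Build the Step 3 authorization header value for a single request."""
    ts = int(time.time()) if ts is None else ts
    nonce = new_nonce() if nonce is None else nonce
    # Assumption: the page's format string hard-codes POST; method is a parameter here.
    mac_str = "{}\n{}\n{}\n{}\n{}\n{}\n\n".format(ts, nonce, method, endpoint, HOST, PORT)
    mac = gen_mac(mac_str, client_secret)
    return 'MAC id="{}" ts="{}" nonce="{}" mac="{}"'.format(access_token, ts, nonce, mac)

def build_request(access_token, client_secret, endpoint, payload, ts=None, nonce=None):
    """Return an unsent POST Request: URL-encoded body plus the signed headers."""
    body = urllib.parse.urlencode(payload).encode("ascii")
    headers = {
        "X-API-VERSION": "1",
        "Content-Type": "application/x-www-form-urlencoded",
        "authorization": mac_header(access_token, client_secret, endpoint, "POST", ts, nonce),
    }
    url = "https://{}{}".format(HOST, endpoint)
    return urllib.request.Request(url, data=body, headers=headers, method="POST")

if __name__ == "__main__":
    # Constructed placeholder credentials and payload; nothing is sent over the network.
    req = build_request("demo-access-token", "demo-client-secret",
                        "/auth/account/profile", {"data_flg": 1, "info_key": "birthday,sex"})
    print(req.get_method(), req.full_url, req.data.decode())
    print(req.get_header("Authorization"))
```

The signed string covers the timestamp, nonce, method, endpoint, host and port but not the payload, so the integrity of the body rests on TLS alone.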