Skip to content

Instantly share code, notes, and snippets.

@infosec-au
Created October 1, 2021 02:51
Show Gist options
  • Save infosec-au/2c4c6f6dd57a086931ed55b0aecaa07b to your computer and use it in GitHub Desktop.
Save infosec-au/2c4c6f6dd57a086931ed55b0aecaa07b to your computer and use it in GitHub Desktop.
Interact with capillary APIs
<?php
// Author : Shubs (@infosec_au)
// Edited by Supras to make it public + clear some parts
// Requirement : php, php-curl, php-xml
// $ php api_capillary_ecom.php
// the XML response is printed out to console
// APIs URL
// See : https://capillary.github.io/ecom-api-document/
$orderURL = 'https://www.martjack.com/developerapi/Customer/MERCHANT_ID/All'; // Don't forget to edit MERCHANT_ID value
// Don't forget to edit PUBLIC_KEY, SECRET values
$auth = new ReturnAuth(array('key' => 'PUBLIC_KEY', 'secret' => 'SECRET', 'url' => $orderURL)); // Don't forget to edit PUBLIC_KEY, SECRET values
$result = $auth->getRequestToken();
echo($result);
class ReturnAuth {
var $key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
var $secret = 'SECRET'; // Don't forget to edit SECRET value
function __construct($config) {
$this->key = 'PUBLIC_KEY'; // Don't forget to edit PUBLIC_KEY value
$this->secret = 'SECRET'; // Don't forget to edit SECRET value
$this->request_token = $config['url']; // secret from MJ
}
function getRequestToken() {
// Default params
$params = array("oauth_version" => "1.0", "oauth_nonce" => time(), "oauth_timestamp" => time(), "oauth_consumer_key" => $this->key, "oauth_signature_method" => "HMAC-SHA1");
// BUILD SIGNATURE
// encode params keys, values, join and then sort.
$keys = $this->_urlencode_rfc3986(array_keys($params));
$values = $this->_urlencode_rfc3986(array_values($params));
$params = array_combine($keys, $values);
uksort($params, 'strcmp');
// convert params to string
foreach ($params as $k => $v) {
$pairs[] = $this->_urlencode_rfc3986($k) . '=' . $this->_urlencode_rfc3986($v);
}
$concatenatedParams = implode('&', $pairs);
// form base string (first key)
$baseString = "GET&" . $this->_urlencode_rfc3986($this->request_token) . "&" . $this->_urlencode_rfc3986($concatenatedParams);
//~ $GLOBALS['log']->fatal("Base String " . $baseString);
// form secret (second key)
$secret = $this->_urlencode_rfc3986($this->secret) . "&";
// make signature and append to params
$params['oauth_signature'] = $this->_urlencode_rfc3986(base64_encode(hash_hmac('sha1', $baseString, $secret, TRUE)));
// BUILD URL
// Resort
uksort($params, 'strcmp');
// convert params to string
foreach ($params as $k => $v) {
$urlPairs[] = $k . "=" . $v;
}
$concatenatedUrlParams = implode('&', $urlPairs);
// form url
$url = $this->request_token . "?" . $concatenatedUrlParams;
// Send to cURL
//~ $GLOBALS['log']->fatal("print url to log");
//~ $GLOBALS['log']->fatal($url);
return $this->_http($url);
}
function _http($url, $post_data = null) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 100);
curl_setopt($ch, CURLOPT_TIMEOUT, 100);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);
if (isset($post_data)) {
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
}
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/Json', 'Connection: Keep-Alive', 'apiversion: 3'));
$response = curl_exec($ch);
//~ $GLOBALS['log']->fatal($response);
//~ $GLOBALS['log']->fatal(print_r($response,true));
$this->http_status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$this->last_api_call = $url;
curl_close($ch);
echo($response);
$xml = simplexml_load_string($response);
$json = json_encode($xml);
$array = json_decode($json, TRUE);
return $array;
}
function _urlencode_rfc3986($input) {
if (is_array($input)) {
return array_map(array('ReturnAuth', '_urlencode_rfc3986'), $input);
} else if (is_scalar($input)) {
return str_replace('+', ' ', str_replace('%7E', '~', rawurlencode($input)));
} else {
return '';
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment