appdirectcreatehandler.js

var Arrow = require('arrow');
var https = require("https");
var oauthSignature = require('oauth-signature');

// your appdirect host
var appdirecthost = 'testappcelerator.appdirect.com';

var AppDirectHandler = Arrow.API.extend({
  group: 'appdirecthandler',
  path: '/api/appdirecthandler',
  method: 'GET',
  description: 'this api gets create notifications from appdirect',
  parameters: {
    eventUrl: {
        description: 'eventUrl'
    }
  },
  action: function(req, resp, next) {
      console.log('\nAppDirectHandler API called');
      // get the event url that appdirect sent
      
      var event = req.query.eventUrl;
      console.log('eventUrl = '+event);
      
      //sign the url 
      oauthHTTPMethod(event, 'GET', function(signedURL) {
      console.log('The Signed URL returned ' + signedURL);

      //It returns the full url.  Remove the domain. https://yada.com
      var subURL = signedURL.substring(appdirecthost.length +8);
      console.log("subURL =" + subURL);
      
      //Retrieve the event information
      performRequest(subURL, 'GET', {}, function(data){
        // handle account create here and return the correct status code. 
        console.log("this is data = " +JSON.stringify(data));
      
           
        
      
      });
     
  

    });
 
      //Right now I am always returning success but this should be based on if the task was really successful. 
      resp.response.status(200);
      resp.send({
        "accountIdentifier":"3213415",
        "success": true });
      next();
  }
});

module.exports = AppDirectHandler;


function oauthHTTPMethod(endpoint,method, success){
  var signedURL = "";
  var signature ="";
  var timestamp = Date.now();
  var nonce = timestamp + 20;
  var oauth_consumer_key = 'YOURCONSUMERKEY';
  var parameters = { 
        'oauth_consumer_key' : oauth_consumer_key,
        'oauth_nonce' : nonce,
        'oauth_timestamp' : timestamp,
        'oauth_signature_method' : 'HMAC-SHA1',
        'oauth_version' : '1.0' };
  var consumerSecret ='YOURSECRET';
  signature = oauthSignature.generate(method, endpoint, parameters, consumerSecret);
  console.log("This is signed URL " + signature);
   
   //create the final signed url
  var signedURL = endpoint +'?oauth_nonce='+nonce+'&oauth_timestamp='+timestamp+'&oauth_consumer_key='+ oauth_consumer_key +'&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature='+signature;
  success(signedURL);
};

function performRequest(endpoint, method, data, success) {
  console.log("in perform request")
  var headers = {};
   headers = {
      'Accept' : 'application/json',
      'Content-Type': 'application/json'
    };
  console.log("This is endpoint " + endpoint);
  var options = {
    host: appdirecthost,
    path: endpoint,
    headers: headers 
  };
 
  var req = https.request(options, function(res) {
     console.log(res.statusCode);
    var responseString = '';

    res.on('data', function(data) {
      console.log("In here have data = " + data);
      responseString += data;
    });

    res.on('end', function() {
      console.log("Now we are here");
      var responseObject = JSON.parse(responseString);
      success(responseObject);
    });
  });

  req.on('error', function(err){
    console.log("WE have an error!!");
  });

  req.end();
};

• Create new api builder project : appc new
• Put appdirectcreatehandler.js into the apis folder in your new project
• In conf/default.js set APIKeyAuthType to 'none' (while testing. you should have some security later)
• install oauth-signature from npm in the new api builder project : npm install oauth-signanture
• In appdirectcreatehandler.js edit the following vars
  ** appdirecthost = to the correct host
  ** oauth_consumer_key (Customers & Partners your consumer key is located at the bottom of the edit integration pages for webapp) ( AXWAY Admins: to the consumer key you obtain from the marketplace company integration tab)
  ** consumerSecret (Customers & Partners your consumer secret is located at the bottom of the edit integration pages for webapp) ( AXWAY Admins: to the consumer secret you obtain from the marketplace company integration tab)
  ** I also used ngrok so I can run api builder locally while I test. The test app I configured on the test appdirect instance is testwebapp3. Note it is only in the staging catalog. To test it out find this product, select edit, click preview button, and then purchase. You can also cancel.

Note this is just a basic skeleton. proper error handling and entitlement logic needs to occur.