Authentication

The Zubisoft API uses API keys to authenticate requests. Keys include: private key, public key and user key.

Your API keys carry many privileges, so be sure to keep them secure! Do not share your secret API keys in publicly accessible areas such as GitHub, client-side code, and so forth.

All requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.

The user key is sometimes called 'esign' or 'Link ID'. The key is shown under 'Home' > 'Settings' > 'My Profile' after login to the personal IBRA account.
The following keys need to be added the the header of each request:
$header['X-Public-Key'] = 'yourPublicKey';
$header['X-Private-Key'] = hash('SHA256', 'yourPrivateKey');
$header['X-User-Key'] = 'yourUserKey';

As an example, a request to the IBRA API could look like this:
$headers = [
    'Content-Type: application/json',
    'X-Public-Key: ' . 'yourPublicKey',
    'X-Private-Key: ' . hash('SHA256', 'yourPrivateKey'),
    'X-User-Key: ' . 'yourUserKey'
];

$data = json_encode($data);

##### CURL
$curl = curl_init();

curl_setopt_array($curl, array(
    CURLOPT_URL => 'https://www.zubisoft.com/api/nomogram',
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => 1,
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 0,
    CURLOPT_FOLLOWLOCATION => true,
    CURLINFO_HEADER_OUT => true,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_POSTFIELDS => $data));

$response = curl_exec($curl);
$info = curl_getinfo($curl);
curl_close($curl);

$obj = json_decode($response,true);