Partner API
Version 0.4 (02/07/2025)
Basic information:
Sandbox:
https://gateway-dev.palm.id.vn/api/private/partner/Authenticating Requests with an API Key
To authenticate requests with an API key, follow these steps:
Retrieve your API key from the developer portal or your account settings.
Include the API key in the headers of your HTTP request. Typically, this is achieved by adding a header field
x-api-key.Ensure the API key is kept secure to prevent unauthorized access.
Example in a cURL command:
curl -X GET "https://gateway-dev.palm.id.vn/private/api/partner/locker" -H "x-api-key: YOUR_API_KEY"Replace YOUR_API_KEY with your actual API key.
Webhook with Secret Key and HMAC-SH256 Signature
To ensure secure communication when receiving webhooks, you can use HMAC-SHA256 signatures. This approach allows you to verify the integrity and authenticity of the payload using a secret key shared between you and the sender.
Generating a Signature
When a webhook is sent, the payload is signed using your secret key. This signature is typically included in the request headers.
Verifying the Signature in Node.js
To verify the HMAC-SHA512 signature in Node.js:
Collect the incoming payload and the signature from the request header.
Use the secret key to generate a hash of the payload.
Compare the generated hash with the signature from the header.
Here's an example:
Replace YOUR_SECRET_KEY with your actual secret key. Make sure to handle the payload and signature verification securely to prevent unauthorized access.
List devices
API Description: List Devices
This API endpoint allows you to retrieve a list of devices. It is designed following RESTful principles.
Endpoint
GET /locker
Parameters
size(optional): The number of records to return per page for pagination. Default is 10.page(optional): The index of the page to retrieve for pagination, starting at 0.longtitude(optional) longtitude to searchlatitude(optional) latitude to searchdistance(optional) the radius (in km) to search with center point is (latitude, longtitude). Default value is 5city(optional) citydist(optional) districtward(optional) wardformat(optional) format of data. You can usecompactorfullformat. Default value iscompact.
Note:
You must search by
[longtitude, latitude, distance]or[city, dist, ward]System will use
[longtitude, latitude, distance]if you send both param groups.If search by
[longtitude, latitude, distance]does not return the result, you can try again by increasedistancevalue.
Response
Returns a JSON object containing device details and pagination information.
Example Response of compact format
Example Response of full format
Get device's detail
Get Device Details by ID
This API endpoint retrieves detailed information about a specific device using its unique device ID.
Endpoint
Parameters
lockerIdId(string, required): The unique identifier of the device whose details are to be retrieved.
Response
Returns a JSON object containing details of the specified device including its name, address, and geographical location.
Example Request
Example Response
Use this API to access the device information conveniently by its ID.
Create new order
This API allows you to create a new order by providing relevant details about the sender, receiver, and package.
Endpoint
Parameters
receiverPhone
string
The phone number of the receiver
receiverName
string
The name of the receiver
cost
integer
The total cost associated with the order
senderPhone
string
The phone number of the sender
stackPosition
number
The stack's position in this device. You must use eithersize or stackPosition when create order
orderType
enum
The orderType of order. Default is locker
partnerCode
string(6)
The code to open stack in case Partner want to retrieve the order. Must using only number [0-9]
number
The maximum time in millisecond that Partner wants to keep the order in locker before we start to count fee
size
enum(s,m,l,xl)
size of stack. You must use eithersize or stackPosition when create order
partnerOrderCode
string(256)
OrderCode of partner's order
partnerRentCode
string(256)
partner's rentCode
Example Request and Response
Request
Response
Get order's information
This API allows you to retrieve detailed information about a specific order using a tracking order parameter.
Endpoint
Parameter:
orderId: A unique identifier for the order you want to retrieve. This parameter is required to fetch the order's details.
Example
Replace {orderId} with the actual order's ID.
Response Example
List orders
The List Orders API allows you to retrieve a collection of orders based on specified criteria. You can filter orders by status, purpose, and date range, facilitating effective order management. The response will include details of each order, such as the order ID, status, receiver's information, and timestamps.
Endpoint
Parameters
page
number
The index of request's item. Default is 0
size
number
The number item that client want to get per page. Default is 2o
orderStatus
enum[success,failed,init]
Order's status. Init - new order, success - user've got order, failed - order is cancelled
receiverPhone
string
Phone number of receiver
Response Example
The response will include the list of orders matching the specified criteria. Each order in the list will contain details similar to the following:
Notes
Ensure date and time are in ISO 8601 format when specifying the
startTimeandendTime.The
statusandpurposeparameters help in filtering the orders based on their current status and intended use.Pagination allows you to manage and display orders effectively with the
pageSizeandpageIndexparameters.
Cancel order
The Cancel Order API allows you to cancel an existing order by specifying the order's unique identifier.
Endpoint
PUT /order/cancel
Parametersa
id(string, required): The unique identifier of the order that needs to be canceled.
Example Request
Response
A successful cancellation will return a confirmation with the order details, including its updated status.
Renew Partner Code
This API endpoint allows you to renew the partner code for a specific order by providing the orderId. Upon successful renewal, it will return the order details, including the new partner code and the updated status.
Endpoint
Request Parameters
orderId(string, required): The unique identifier of the order for which the partner code needs to be renewed.
Example Request
Response
A successful request will yield a response containing the order details along with the new partner code and a flag indicating whether the update was successful.
Example Response
Renew Order pass
To renew an order code, a POST API is available that takes the parameter orderId. This API will return the following:
orderPass: The updated order code after renewal.
createdAt: The timestamp indicating when the new order code was created.
updatedAt: The timestamp showing the last update to the order code.
id: The unique identifier for the renewed order.
Example Request
Example Response
Open stack api
Notice:
Only partner who is granted permission can call this API.
To initiate the process of opening a stack, the POST API can be employed, which requires two essential parameters: orderId and lockerId, both of which are strings. When making a request using this API, these parameters must be included to identify the specific order and locker involved in the transaction. Upon successful execution, the API will return a boolean result of true, indicating that the stack has been opened successfully, allowing authorized users or systems to perform further operations with the locker.
Response:
Make sure your partner ID is authorized for this API.
Ensure orderId and lockerId are correctly provided to successfully open the locker.
Update Payment status
To update the payment status of an order, you can use the following API endpoint.
Endpoint
Headers
Content-Type:application/jsonx-api-key:your-api-key
Parameters
orderId(string): The unique identifier of the order.paymentStatus(boolean): The new payment status to be set (e.g.,truefor paid,falsefor unpaid).
Example Request
Response
This response indicates whether the payment status was successfully updated.
User Token Retrieval API
This API allows partners to obtain a user token by providing two parameters: phoneNumber and partnerDetail.
Request
Method:
POSTEndpoint:
/partner/user/tokenHeaders:
Content-Type:application/json
Request Body
ResponseThe response includes the following fields to inform the partner about the token and permission status.
Successful Response Example
token: The access token the partner can use to retrieve user's order data.needRequestPermission: A boolean flag indicating whether the partner must wait for user consent to access order data.
Webhook
A webhook is a mechanism that allows you to receive real-time data updates as soon as an event occurs. For order information, your system can subscribe to a webhook that sends data whenever there is a change or update in an order's status.
Example Payload
When an order is created or updated, a webhook payload like the following might be sent to your specified URL:
Note: userToken is current token of owner of this order. It's used to open a webview that help owner can access all his orders these have not been openned. This token is valid until the next webhook of this owner is created.
Verifying the Signature
To ensure the data integrity and authenticity of the received webhook, you should verify its signature using a shared secret key. Here's a basic example of how to check the signature:
Calculate the HMAC SHA256 hash of the payload using your secret key.
Compare the calculated hash with the signature sent in the webhook headers.
By following these steps, you can ensure that the data received is from a trusted source and hasn't been tampered with.
Last updated