Application keys

To obtain application key, please contact commercial service of Bettr.

With application key, you will get a secret key to maintain in the application side and never pass through the API.

All request on the API are logged to secure the service.

Usage of headers

Some HTTP headers required to call Bettr API.

X-Bettrapps-Application: 4DfG4JrcjkRS99c9
X-Bettrapps-Consumer: iF25CjU3iQ28SY582eS4mNzp5GEf7R4mgeFpd37qU4UZ7P3Pz8p87YCBn46nQaig
X-Bettrapps-Signature: $1$88n79545nn3nkpaw5q7745s94fjs9qzp962a2jcw
X-Bettrapps-Timestamp: 1444846866
X-Bettrapps-Session: 6Z2W8Y47nAH2wu3sHG7p5Z4jw97gsSrvDBH425w4uPrH94GK4awwRD6bg67ZXzNw

X-Bettrapps-Application

It's a key provided by bettr, unique to an application.

* This HTTP header is required.

X-Bettrapps-Consumer

It's a key provided by bettr, for a specific usage in the application.

* This HTTP header is required.

X-Bettrapps-Signature

It's the signature of request, a check of request is made next bettr (format : SHA256).

'$5$' + SHA256( SK + '+' + CK + '+' + METHOD + '+' + URI + '+' + BODY + '+' + TimeStamp );

Détail :

• SK : Secret key
• CK : Consumer key
• METHOD : HTTP Method
• URI : URI of request with querystring (example : « /user/me/profile?param=test »)
• BODY : Data of the request body
• TimeStamp : Timestamp of the request (sended in header)

* This HTTP header is required.

X-Bettrapps-Timestamp

To avoid replay, you can add the timestamp of the request.

* This HTTP header is required.

X-Bettrapps-Session

It's the session id provided by API during the first call of them.
The session ID must then be passed in the headers in all calls after the first call. Otherwise, customer identification will not operate well when calling certain methods.