Configure API Key Delivery

Last Updated: December 2025 Reading Time: ~5 minutes

When you need to automatically generate and send license keys to customers via API, you can configure API call parameters for your products. This article details the various parameters and signature verification mechanism for API configuration.

Enable API Mode

First, you need to switch the key type from "Key" to "API" on the product edit page. After saving, click "API Management" for that product in the inventory list to enter the configuration page.

API Management Entry
API Management Configuration Page

Basic Configuration

Parameter Description
URL API request URL, supports GET or POST methods
Password Verification Choose between "Plain Password" or "Signature Key" verification methods

Signature Verification Mechanism

Using signature keys ensures the security and integrity of requests. Keys are stored only on the server side and are not exposed during network transmission.

Security Note
Signature verification ensures that received requests have not been tampered with and come from a reliable source. If no key is set, signature verification will not be effective.

Signature Calculation Steps

  1. Construct Signature String
    Concatenate current timestamp (milliseconds) + \n + secret key into a signature string
  2. Calculate HMAC-SHA256
    Use HmacSHA256 algorithm to calculate the signature string
  3. Base64 Encode
    Base64 encode the calculation result
  4. URL Encode
    URL encode the Base64 result (using UTF-8 charset) to get the final signature

PHP Example Code

PHP 
<?php
// Get 13-digit millisecond timestamp
list($msec, $sec) = explode(' ', microtime());
$msectime = (float)sprintf('%.0f', (floatval($msec) + floatval($sec)) * 1000);

// Signature key
$secret = "your_secret_key";

// Construct signature string
$str = "{$msectime}\n{$secret}";

// Calculate HMAC-SHA256 (raw binary data)
$hmacSha256 = hash_hmac('sha256', $str, $secret, true);

// Base64 encode then URL encode
$signature = urlencode(base64_encode($hmacSha256));

var_dump($signature);

Request Headers

API requests will include the following Headers information:

Header Value Description
Content-Type application/json Default content type
User-Agent apsdai-hook Fixed value to identify requests from APSDAI
X-Apsdai-Token password / sign Plain password or calculated signature
X-Apsdai-Timestamp 1576754827988 Timestamp when API request was triggered (milliseconds)

Custom Parameters

Custom Headers

Click "Add" to add custom Headers, fill in KEY and VALUE.

Custom Body

Body parameter VALUES can come from data collected in inventory information. Click "Add" and fill in KEY and VALUE.

Response Format

✓ Success Response
{
  "code": "SUCCESS",
  "message": "Success",
  "data": {
    "key": [
      "xxxxxxxLicenseKey1xxxxxxxxx",
      "xxxxxxxLicenseKey2xxxxxxxxx",
      "xxxxxxxLicenseKey3xxxxxxxxx"
    ]
  }
}
✗ Failure Response
{
  "code": "FAIL",
  "message": "Failure reason"
}
Response Notes
Success: HTTP status code returns 200 or 204, can return license key data or no response body needed.
Failure: HTTP status code returns non-200/204, or response code is FAIL.

Related Documents

Back to Help Center