Settings

The following information about the hosting-API can also be found in the admin-section of CCM19. This API provides headless-access to functions for the following resources:

• Clients
• Domains
• Locales (Translations)
• Themes
• Placeholders
• Embeddings & Cookies
• Onboarding

Of course, all of these actions can only be performed if the appropriate authorization is in place.

Connecting to the API

To successfully process an API-request, append the API-key to every request by adding the GET-parameter apiKey and setting the key as the value.

For every POST- and PUT-request, set the HTTP-header Content-Type to application/json; that is, for every request that contains a message body. Encode the payload to be sent accordingly.

The real API keys are, of course, much more complex. 😉

Always keep your API-key secret. If the key is compromised, you can change it here; after that, you must update all your apps.

Using Hawk HTTP-Authentication

If you enable this option, a signed request can be verified. However, you must implement the client-side for this authentication method yourself and integrate it into your applications.

Use the shared secret to sign your requests. To do this, you must derive a key from the shared secret using the PBKDF2-algorithm.

Use Hawk HTTP-Authentication

If you enable this option, a signed request can be verified. However, you must implement the client-side for this authentication method yourself and integrate it into your applications.

Use the shared secret to sign your requests. To do this, you must derive a key from the shared secret using the PBKDF2-algorithm.

This feature is optional. Use this option to enable partial cryptographic verification of your requests.

Check out the following resources to sign your requests correctly.

• Hawk — A PHP Implementation
• hash_pbkdf2 — Generate a PBKDF2 key derivation of a supplied password