Settings

The following information on the hosting API can also be found in the admin area of CCM19. This API enables headless access to functions for the following resources:

• Clients
• Domains
• Locales (translations)
• Themes
• Placeholders
• Embeddings & Cookies
• Onboarding

Of course, all these actions can only be carried out if the corresponding authorization has been granted.

Establish connection to the API

To successfully process an API request, append the API key toeach requestby adding the GET parameter apiKey and setting the key as the value.

For each POST and PUT request, set the HTTP header Content-Type to application/json; i.e. for each request that contains a message body. Code the payload to be sent accordingly.

The real API keys are of course much more complex 😉

Always keep your API key secret. If the key is compromised, you can change it here; you will then need to update all your apps.**

Use Hawk HTTP authentication

If you activate this option, a signed request can be verified. However, you must implement the client side for this authentication method yourself and integrate it into your applications.

Use the shared secret to sign your requests. To do this, you must derive a key from the shared secret using the PBKDF2 algorithm.

Use Hawk HTTP authentication

If you activate this option, a signed request can be verified. However, you must implement the client side for this authentication method yourself and integrate it into your applications.

Use the shared secret to sign your requests. To do this, you must derive a key from the shared secret using the PBKDF2 algorithm.

This function is optional. Use this option to enable partial cryptographic verification of your requests.

See the following resources to sign your requests correctly.

• Hawk - A PHP Implementation
• hash_pbkdf2 - Generate a PBKDF2 key derivation of a supplied password