Product Update Notification API
This API allows customers with a custom e-commerce integration plugin to send product update notifications by signing the request payload with HMAC authentication.
Endpoint
POST https://ingest.hello-lisa.com/plugin-notifications/{id}/updatesHeaders
Header
Description
X-Hmac-Signature
HMAC-SHA256 signature of the request body
Authorization
API key for authentication
ApiKey <API_KEY>Content-Type
application/json
Parameters
Parameter
Description
id
The distinct identifier of the e-commerce plugin integration.
Payload Requirements
JSON format
Maximum size: 192 KB
Must be signed using HMAC-SHA256 with the secret provided upon registration.
How to Sign the Request
Use the HMAC-SHA256 algorithm to sign the JSON payload with the provided secret key. The resulting hex-encoded digest should be sent in the X-Hmac-Signature header.
Code Samples
const crypto = require('crypto');
const axios = require('axios');
const apiKey = 'your-api-key';
const secret = 'your-secret-key';
const url = 'https://ingest.hello-lisa.com/plugin-notifications/{id}/updates';
const payload = JSON.stringify({ productId: "123", price: 19.99 });
const signature = crypto.createHmac('sha256', secret)
.update(payload)
.digest('hex');
axios.post(url, payload, {
headers: {
'Authorization': `ApiKey ${apiKey}`,
'Content-Type': 'application/json',
'X-Hmac-Signature': signature
}
}).then(response => console.log(response.data))
.catch(error => console.error(error.response?.data || error));import hashlib
import hmac
import json
import requests
api_key = b'your-api-key'
secret = b'your-secret-key'
url = 'https://ingest.hello-lisa.com/plugin-notifications/{id}/updates'
payload = json.dumps({"productId": "123", "price": 19.99})
signature = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
headers = {
'Authorization': f'ApiKey {api_key}',
'Content-Type': 'application/json',
'X-Hmac-Signature': signature
}
response = requests.post(url, data=payload, headers=headers)
print(response.json())package main
import (
"bytes"
"crypto/hmac"
"crypto/sha256"
"encoding/hex"
"encoding/json"
"fmt"
"net/http"
)
func main() {
apiKey := []byte("your-api-key")
secret := []byte("your-secret-key")
url := "https://ingest.hello-lisa.com/plugin-notifications/{id}/updates"
payload, _ := json.Marshal(map[string]interface{}{
"productId": "123",
"price": 19.99,
})
h := hmac.New(sha256.New, secret)
h.Write(payload)
signature := hex.EncodeToString(h.Sum(nil))
req, _ := http.NewRequest("POST", url, bytes.NewBuffer(payload))
req.Header.Set("Authorization", "ApiKey " + apiKey)
req.Header.Set("Content-Type", "application/json")
req.Header.Set("X-Hmac-Signature", signature)
client := &http.Client{}
resp, err := client.Do(req)
if err != nil {
fmt.Println("Error:", err)
return
}
defer resp.Body.Close()
fmt.Println("Response Status:", resp.Status)
}use hmac::{Hmac, Mac};
use reqwest::blocking::Client;
use serde_json::json;
use sha2::Sha256;
fn main() {
let api_key = "your-api-key";
let secret = "your-secret-key";
let url = "https://ingest.hello-lisa.com/plugin-notifications/{id}/updates";
let payload = json!({
"productId": "123",
"price": 19.99
}).to_string();
let mut mac = Hmac::<Sha256>::new_from_slice(secret.as_bytes()).expect("HMAC can take key of any size");
mac.update(payload.as_bytes());
let signature = hex::encode(mac.finalize().into_bytes());
let client = Client::new();
let res = client.post(url)
.header("Authorization", format!("ApiKey {}", api_key))
.header("Content-Type", "application/json")
.header("X-Hmac-Signature", signature)
.body(payload)
.send()
.expect("Failed to send request");
println!("Response: {:?}", res.text().unwrap());
}import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec
import scala.util.Try
import scalaj.http._
object HmacSignatureExample extends App {
val apiKey = "your-api-key".getBytes("UTF-8")
val secret = "your-secret-key".getBytes("UTF-8")
val url = "https://ingest.hello-lisa.com/plugin-notifications/{id}/updates"
val payload = """{"productId":"123","price":19.99}"""
def signHmacSHA256(data: String, key: Array[Byte]): String = {
val mac = Mac.getInstance("HmacSHA256")
mac.init(new SecretKeySpec(key, "HmacSHA256"))
mac.doFinal(data.getBytes("UTF-8")).map("%02x".format(_)).mkString
}
val signature = signHmacSHA256(payload, secret)
val response = Http(url)
.postData(payload)
.header("Authorization", s"ApiKey $apiKey")
.header("Content-Type", "application/json")
.header("X-Hmac-Signature", signature)
.asString
println(response.body)
}using System;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
class Program
{
static async Task Main()
{
string apiKey = "your-api-key";
string secret = "your-secret-key";
string url = "https://ingest.hello-lisa.com/plugin-notifications/{id}/updates";
string payload = "{\"productId\":\"123\",\"price\":19.99}";
using var hmac = new HMACSHA256(Encoding.UTF8.GetBytes(secret));
string signature = BitConverter.ToString(hmac.ComputeHash(Encoding.UTF8.GetBytes(payload))).Replace("-", "").ToLower();
using var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Post, url)
{
Content = new StringContent(payload, Encoding.UTF8, "application/json")
};
request.Headers.Add("Authorization", $"ApiKey {apiKey}");
request.Headers.Add("X-Hmac-Signature", signature);
HttpResponseMessage response = await client.SendAsync(request);
string responseBody = await response.Content.ReadAsStringAsync();
Console.WriteLine(responseBody);
}
}Error Handling
HTTP Status Code
Meaning
202 Accepted
Request received and processing asynchronously
400 Bad Request
Invalid or missing signature
401 Unauthorized
Invalid secret or signature
413 Payload Too Large
Payload exceeds 192 KB limit
Last updated