This API follows Suomen Asiakastieto's standard authentication which is custom authentication using shared secret. You will provide a hash of paramters and shared secret as "checksum" parameter. In addition to this you must provide a valid timestamp.
Calculating the SHA-512 checksum Formation of the verified URL is performed at the customer’s end, using the secret calculation key the customer and Asiakastieto have agreed upon. The interface application conducts the security check for the given URL, based on the given time stamp (current time) and the calculated verification. This procedure eliminates the risk that Asiakastieto’s actual database user ID and password should fall into wrong hands, in case they are possibly shown in plain text in the target address line of the browser.
Time stamp The time stamp is supplied with the parameter timestamp, and it is of the following format: YYYYMMDDHHMMSSXXTZNNNNNN in which
| symbol | |
|---|---|
| YYYY | year in four digits |
| MM | month 01-12 |
| DD | day of the month 01-31 |
| HH | hour 00-23 |
| MM | minutes 00-59 |
| SS | seconds 00-59 |
| XX | hundredths of a second 00-99 |
| TZN | time zone correction in relation to GMT |
| Finland +02 (plus has to be included). The offset from GMT is always presented in relation to local normal time, daylight saving time (DST) is not added to the correction value. | |
| NNNNN | consecutive number. This can be static such as 00000 if you wish. |
Verification The checksum (SHA-512 hash value) is presented as a hexadecimal string of 128 characters, in which letter symbols are capital letters. The verification is calculated by using the standard SHA-512 algorithm, forming first a source character string from part of the parameters, and including the secret key known only by the customer and Asiakastieto. Source character string: userid&enduser×tamp&key& The parameters are placed in succession, set off by & characters as a single uniform character string, and the SHA-512 hash value is calculated for this, which is again placed into the parameter checksum in the final URL. The & character also has to be found at the end of the source character string when performing the calculation. The SHA-512 hash value received is presented as a hexadecimal character string of 128 characters, in which letter symbols are capital letters.