Medipim API V2 Documentation

need help?

Authentication

Using a basic HTTP authentication header

Basic Authentication is a simple authentication mechanism for HTTP requests. With every request, a header is added that contains a base64 encoded username & password.

For the Medipim API, your api user ID & key serve as username & password for basic HTTP authentication.

For technical details see Basic access authentication on wikipedia. Note that virtually every http library will provide convenience functions for adding this header to your request.

Example code

<?php
$id = 92; // your api user id
$key = "5TlnzOBlPRa9udfbVpXP..."; // your secret api key

// initialize a curl request
$request = curl_init("https://api.medipim.be/...");

// adds the Authorization header
curl_setopt($request, CURLOPT_USERPWD, "$id:$key");
curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
$response = json_decode(curl_exec($request));

Using a validation hash

This authentication method is allowed only for select calls.

Certain calls should be authenticated using a hash crafted specifically for the request. This is not as simple as basic authentication, but it does allow to e.g. send an url to a third party without giving away your api key.

To create a validation hash,

  1. Take all GET parameters for your request, sort them alphabetically and concatenate them into one string: key1=valuekey2=value.
  2. Hash this string using the HMAC SHA-256 algorithm. Your api key should be used as the hashing key.
  3. Finally, add this hash to your request as an additional GET parameter validation.

Example code

<?php
$id = 92; // your api user id
$key = "5TlnzOBlPRa9udfbVpXP..."; // your secret api key

// this is the url we want to send a request to
// we will have to hash the user_id and language parameters
$url = "https://api.medipim.be/...?user_id=$id&language=fr";

// sort and concatenate the GET parameters
// then hmac sha-256 the resulting string to create the validation code for this request
$validationHash = hash_hmac("sha256", "language=fruser_id=$id", $key);

// add the hash to our url
$url .= "&validation=$validationHash";

// do the request
$request = curl_init($url);
curl_setopt($request, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($request);