BookingSG Self help
  • Links
    • BookingSG
    • Book a discussion with us!
    • Drop us a note!
  • FREQUENTLY ASKED QUESTIONS
    • 👀About BookingSG
    • ✨Onboarding
      • Sign Up
      • Fees and Charges
      • Onboarding Duration
      • BookingSG Structure
        • Organisation
        • Service
        • Service Provider
      • Different user roles
        • Creating Users Accounts
      • Approval Workflows
      • Login Authentication
      • Send Notification
        • Email Notification
          • Slots - recurring & one-off
          • Events
          • Proxy
          • Email Reminders Notifications
        • SMS Notification
          • SMS Reminder Notifications
      • Customisation
    • 🔗Integration with BookingSG
      • Pre-requisites
      • BookingSG server authentication
      • API listing
        • DEL
        • GET
        • PATCH
        • POST
        • PUT
  • Admin User Guide
    • ✏️Setting up user accounts
    • ⚙️Configure Service Settings
    • 🎨Customising
      • Dynamic Fields
      • Email Notification Templates
      • SMS Notification Templates
    • 🗓️Create timeslots
      • Setting Recurring Schedule
      • Customise Recurrent Schedules
      • Adhoc Timeslots
      • Indicating unavailability
  • SUPPORT
    • 🛠️Staging and production system support
Powered by GitBook
On this page
  1. FREQUENTLY ASKED QUESTIONS
  2. Integration with BookingSG

BookingSG server authentication

PreviousPre-requisitesNextAPI listing

Last updated 5 months ago

For our server to server authentication, we took reference from integration with APEX, and mimics their implementation. In order to make API calls to our server, your system must first generate a token using the open sourced APEX utility library which can be found in following 3 languages.

Note that this token generation is fully offline, the above library does not make any prior API calls to BookingSG. With the generated token, attached it in the header of the API request as such 

headers: { Authorization: <generated token> }

Full Code sample for making API calls to BookingSG server

// This is a code sample making a GET request to our get-all-bookings API

import axios from 'axios';
import { ApiSigningUtil } from 'node-apex-api-security';

const baseUrl = 'https://www.stg.bookingsg.io'; // BookingSG base URL. The current value points to staging server
const path = '/bookingsg/api/v2/bookings'; // API route
const httpMethod = 'GET'; // API method
const queryParams = {}; // API query parameters

const authPrefix = 'Molagency_l2_eg'; // Hardcoded string. Do not change this
const appId = ''; // Agency system's identifier. BookingSG will use this to identify the caller's system. This value will be passed to you after BSG receives the public key from you and did the onboarding work on BSG side.
const privateKey = ''; // PKCS8 private key generated by you
const privateKeyPassphrase = ''; // this is optional, depending on whether your private key is encrypted. If it's not encrypted, leave it as empty string

// Generate Authorization token for use in request headers
let token = ApiSigningUtil.getSignatureToken({
    authPrefix,
    appId,
    urlPath: `${baseUrl}${path}`,
    httpMethod,
    realm: baseUrl,
    keyString: privateKey,
    passphrase: privateKeyPassphrase,
    queryString: queryParams,
});

// Making the API request
axios
    .get(`${baseUrl}${path}`, {
        headers: {
            Authorization: token, // attach the generated token in the headers
        },
    })
    .then((res) => {
        console.log('Status Code:', res.status);
        console.log(res.data);
    })
    .catch((err) => {
        console.log('Error: ', err.message);
        console.log('Error: ', err.response.data);
    });
🔗
NodeJS library
Java library
C# library