Prerequisites
To use the Online API, you need to prepare the following:
Handle API credentials
To call the Online API, you must specify your credentials in the HTTP request header.
After you join as a merchant, you can get the channel ID and channel secret key from the merchant center, which you can use to generate credentials.
You can apply for a sandbox account to request a channel ID and channel secret key for the sandbox for testing.
If you already have a channel ID and channel secret key issued by join as a merchant, you can use it in the sandbox environment without separate application.
The HTTP request header that specifies the credentials is as follows.
X-LINE-ChannelIdX-LINE-AuthorizationX-LINE-Authorization-Nonce
Enter the channel ID value in the X-LINE-ChannelId header and a temporary token value, such as a UUID v1 or v4 or a timestamp, in the X-LINE-Authorization-Nonce header.
The value entered in the X-LINE-Authorization header is the Base64-encoded value of the message authentication code (MAC) generated with the HMAC method using the channel secret key and the target message. Depending on the HTTP method of the API being called, configure the MAC generation message as follows.
| HTTP Method | MAC-generation message |
|---|---|
| GET | Channel secret key + API path (apiPath) + query string (queryString) + temporary token (nonce) |
| POST | Channel secret key + API path (apiPath) + request body + temporary token (nonce) |
The following example code enables calling an Online API by adding credentials information to the HTTP request header.
In the code examples below, the
handleBigInteger()function is required when dealing with the transaction ID value. For more information on transaction IDs and thehandleBigInteger()function, see Transaction ID.
const crypto = require("crypto");
function signKey(clientKey, msg) {
const encoder = new TextEncoder();
return crypto
.createHmac("sha256", encoder.encode(clientKey))
.update(encoder.encode(msg))
.digest("base64");
}
async function requestOnlineAPI({
method,
baseUrl = "https://sandbox-api-pay.line.me",
apiPath,
queryString = "",
data = null,
signal = null,
}) {
const nonce = crypto.randomUUID();
let signature = "";
// Generate MAC for each method
if (method === "GET") {
signature = signKey(
YOUR_CHANNEL_SECRET,
YOUR_CHANNEL_SECRET + apiPath + queryString + nonce
);
} else if (method === "POST") {
signature = signKey(
YOUR_CHANNEL_SECRET,
YOUR_CHANNEL_SECRET + apiPath + JSON.stringify(data) + nonce
);
}
const headers = {
"X-LINE-ChannelId": YOUR_CHANNEL_ID,
"X-LINE-Authorization": signature,
"X-LINE-Authorization-Nonce": nonce,
};
const response = await fetch(
`${baseUrl}${apiPath}${queryString !== "" ? "&" + queryString : ""}`,
{
method: method,
headers: {
"Content-Type": "application/json",
...headers,
},
body: data ? JSON.stringify(data) : null,
signal: signal,
}
);
const processedResponse = handleBigInteger(await response.text());
return processedResponse;
}