The request
The moment your customer will open your Page, a HTTP-request will done towards the endpoint you have provided. You can protect this endpoint with Basic Auth or anAuthentication header. To identify the customer which opened the page, do we send an header with the identifier.
| Header | Description | Example |
|---|---|---|
Accept | MijnKlantportaal accepts (and expects) HTML | text/html |
X-Customer-Id | The ID of the customer which opened the page | cst_123abc456def |
X-Page-Id | The ID of the page which needs your HTML content | pag_123abc456def |
The response
The request is covered by authentication, but the response should be protected too. Therefor do we expect a certain content in your response to make your HTML enter your MijnKlantportaal page. Add the following headers to your response:| Header | Description | Example |
|---|---|---|
Content-Type | Let our server know that you, indeed, are sending HTML as response | text/html |
X-Checksum | A checksum to validate that the response is actually coming from your server. See further on this page how to generate this | 1e5e791547c14e581e09... |
The X-Checksum header
To make sure that the HTML is actually coming from your server, you have to add a checksum in the header. This checksum will be a Hash-based Message Authentication Code (HMAC) signature based on some values. This signature needs to be included in your response in the X-Checksum header. The data that needs to be used are:
| Type | Value |
|---|---|
| Algorithm | SHA256 |
| Data | IDOfYourCustomer,IDOfYourPage - For example: cst_123abc456def,pag_123abc456def. Be aware: no spaces! |
| Key | The key you have provided when creating the block |