Home Javascript SDK Rest API/SSO AppMarket Login
My apps
Login first

Help & Docs
Settings page
Pricing page
Credits API
Events

App settings page

How to impelement

The canvas sizes of app settings page are:
width: 1168px.
height: 800px;
We reommended to develop a responsive canvas page to support all screen resolutions.

Signed request parameter
When user click on your app from Cashcow app market, we send to your settings URL an encrypted signed_request parameter via HttpGet.
for example: http://www.yourdomain.com/appsettings?signed_request=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
To decrypt this signed_request you need to use MD5 Hash algorithm.
The vector(key) to decrypt this MD5 hash is your app token(You'll recieve your app token when you create an app).

example is C#:
public static string Decrypt(string app_token, string signed_request) { // decode signed request first. signed_request = Encoding.UTF8.GetString(System.Web.HttpServerUtility.UrlTokenDecode(signed_request)); byte[] keyArray; //get the byte code of the string byte[] toEncryptArray = Convert.FromBase64String(signed_request); // app token string key = app_token; //if hashing was used get the hash code with regards to your key MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider(); keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); //release any resource held by the MD5CryptoServiceProvider hashmd5.Clear(); TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider(); //set the secret key for the tripleDES algorithm tdes.Key = keyArray; //mode of operation. there are other 4 modes. //We choose ECB(Electronic code Book) tdes.Mode = CipherMode.ECB; //padding mode(if any extra byte added) tdes.Padding = PaddingMode.PKCS7; ICryptoTransform cTransform = tdes.CreateDecryptor(); byte[] resultArray = cTransform.TransformFinalBlock( toEncryptArray, 0, toEncryptArray.Length); //Release resources held by TripleDes Encryptor tdes.Clear(); //return the Clear decrypted TEXT return UTF8Encoding.UTF8.GetString(resultArray); }

Use API to access objects(account orders,products,stores...)

When signed_request parameter is decrypted you'll recieve JSON string with the account token to start invoking API.
example for decrypted signed_request:
{app:8,account_token:"XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==",device:"desktop",date:"635434038010761498", perms:"info,orders,customers,products,store_users"}

The account token from the example above is:
XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==
With this account token you can invoke API actions.

Include CSS and Javascript links to your setting page

To get colors, backgroungs and layouts, include this CSS link on your settings page:
<link href="https://cashcow-cdn.azureedge.net/system/PROD/Content/appmarket_settings.css" type="text/css" rel="stylesheet" />

Javasvript link that allows you to get/set API calls and dialogs on your settings page:
<script src="https://cashcow-cdn.azureedge.net/system/PROD/Scripts/appmarket_settings.js" />