App settings page
How to impelement
The canvas sizes of app settings page are:
width: 1168px.
height: 800px;
We reommended to develop a
responsive canvas page to support all screen resolutions.
Signed request parameter
When user click on your app from Cashcow app market, we send to your settings URL an encrypted
signed_request parameter via HttpGet.
for example: http://www.yourdomain.com/appsettings?signed_request=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
To decrypt this signed_request you need to use
MD5 Hash algorithm.
The vector(key) to decrypt this MD5 hash is your app token(You'll recieve your app token when you create an app).
example is C#:
public static string Decrypt(string app_token, string signed_request)
{
// decode signed request first.
signed_request = Encoding.UTF8.GetString(System.Web.HttpServerUtility.UrlTokenDecode(signed_request));
byte[] keyArray;
//get the byte code of the string
byte[] toEncryptArray = Convert.FromBase64String(signed_request);
// app token
string key = app_token;
//if hashing was used get the hash code with regards to your key
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
//release any resource held by the MD5CryptoServiceProvider
hashmd5.Clear();
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)
tdes.Padding = PaddingMode.PKCS7;
ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(
toEncryptArray, 0, toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//return the Clear decrypted TEXT
return UTF8Encoding.UTF8.GetString(resultArray);
}
Use API to access objects(account orders,products,stores...)
When signed_request parameter is decrypted you'll recieve JSON string with the account token to start invoking API.
example for decrypted signed_request:
{app:8,account_token:"XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==",device:"desktop",date:"635434038010761498", perms:"info,orders,customers,products,store_users"}
The account token from the example above is:
XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==
With this account token you can invoke
API actions.
Include CSS and Javascript links to your setting page
To get colors, backgroungs and layouts, include this CSS link on your settings page:
<link href="https://cdn.cashcow.co.il/system/PROD/Content/appmarket_settings.css" type="text/css" rel="stylesheet" />
Javasvript link that allows you to get/set API calls and dialogs on your settings page:
<script src="https://cdn.cashcow.co.il/system/PROD/Scripts/appmarket_settings.js" />