Even though you do not have to worry about this too much, here is some in-depth information if you are curious.
<h2>Error Codes</h2>
Your channel must provide HTTP status codes in every response. The following status codes are possible:
| Code | Reason Phrase | Result |
|---|---|---|
| 200 | OK | Request successful |
| 400 | Bad Request | Request invalid, e.g. the request did not pass every required parameter or a parameter was invalid. |
| 401 | Unauthorized | Request was unauthorized; the requested method requires authentication. |
| 403 | Forbidden | Request was authorized, but user is not allowed to execute this request. |
| 404 | Not Found | Resource or method was not found. |
| 500 | Internal Server Error | An internal error on the server side occurred, due to extraordinary conditions. |
| 503 | Service Unavailable | API is temporarily not available (e.g. due to maintenance). |
<h2>Authentication</h2>
To authenticate the junaio server at the Callback API of your server, a Hash-based Message Authentication Code (HMAC) is used. When you registered with junaio, your unique apikey was generated. All requests to the Callback API are signed with this key, and you can verify the signature with the same key.
The signature is placed in the junaio Authentication Header. This header is built from attributes that identify the request and from a timestamp to avoid replay attacks:
Authorisation: junaio [RequestSignature]
| RequestSignature | = | base64(sha1([apikey] + sha1([apikey] + [signatureString]))) |
| signatureString | = | [http-verb] + "\n" + [request-uri] + "\n" + [date-header] + "\n" |
| apikey | = | Secret apikey of the Content Provider |
| http-verb | = | (GET\|POST\|DELETE) |
| request-uri | = | URI, which means the URL without hostname, but with the query string (e.g. /poi/extinfo/poiid) |
| date-header | = | HTTP-Request Header with the current client time in the format of RFC 1123 (WKDAY, DD MMM YYYY HH:MM:SS TZ) e.g. "Date: Sun, 06 May 2008 14:49:37 GMT" |
Every request from the junaio server contains the additional Date HTTP request header. If the date differs by more than, e.g., 15 minutes from the server time on the callback API, the callback API can refuse the request with HTTP status code 401.
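One way to perform the signature and timestamp check described above in PHP, as an added example that is not junaio's own code. It assumes the sha1() digests are PHP's default hex strings (the page does not specify the encoding); the function names, the sample key and the passing of header values as parameters are illustrative.

```php
<?php
// Added example, not junaio's own code. Assumption: sha1() digests are the
// lowercase hex strings PHP returns by default; the page does not say.
const MAX_SKEW_SECONDS = 900; // the page's "e.g. 15 minutes"

// Builds RequestSignature from the fields listed in the table above.
function junaio_signature(string $apikey, string $verb, string $uri, string $date): string
{
    $signatureString = $verb . "\n" . $uri . "\n" . $date . "\n";
    return base64_encode(sha1($apikey . sha1($apikey . $signatureString)));
}

// Returns the HTTP status the callback should answer with: 200 or 401.
function junaio_check(string $apikey, string $verb, string $uri,
                      ?string $date, ?string $authHeader, int $now): int
{
    if ($date === null || $authHeader === null) {
        return 401; // unsigned request
    }
    // Reject stale or future-dated requests so a captured header cannot be replayed later.
    $sent = strtotime($date);
    if ($sent === false || abs($now - $sent) > MAX_SKEW_SECONDS) {
        return 401;
    }
    // Header value has the form "junaio [RequestSignature]".
    if (strncmp($authHeader, 'junaio ', 7) !== 0) {
        return 401;
    }
    $received = substr($authHeader, 7);
    $expected = junaio_signature($apikey, $verb, $uri, $date);
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guessed signature were right.
    return hash_equals($expected, $received) ? 200 : 401;
}

// Constructed sample request; key, URI and clock are made up for the demo.
$apikey = 'constructed-demo-apikey';
$uri    = '/poi/extinfo/poiid';
$date   = 'Tue, 06 May 2008 14:49:37 GMT';
$now    = strtotime($date) + 60;
$header = 'junaio ' . junaio_signature($apikey, 'GET', $uri, $date);

var_dump(junaio_check($apikey, 'GET', $uri, $date, $header, $now));                  // untouched request
var_dump(junaio_check($apikey, 'GET', '/poi/extinfo/other', $date, $header, $now));  // URI altered in transit
var_dump(junaio_check($apikey, 'GET', $uri, $date, $header, $now + 3600));           // same request replayed an hour later
```

Because the verb, the URI with its query string and the Date header are all inside the signed string, changing any of them invalidates the signature, and the skew check bounds how long a captured request stays usable.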
Using the Authentication
If you want to use the authentication for your channel, simply add the following command to your index.php, before the check of the "poi/search" request:
