SDK IntegrationPublic API

Overview


The Weave.tech API’s have been developed to enable our partners to seamlessly interact with our platform in order to have all the latest information relating to SIM Only contracts and deals that are available from our suppliers.

Given the dynamic nature of the deals from our suppliers and contracts that are updated along with new promotions on specific contracts from some suppliers its essential for a robust yet simple API.

Get an access token

To generate REST API credentials for the sandbox and live environments:

  1. Login into the Partner Dashboard with your account provided by weave.tech.
  2. Under the API Controls menu, select API Keys.
  3. Click the button ADD NEW KEY to create a new API key.

Authentication

We uses API keys to allow access to the API. Authentication and access is given based on credentials which we will provide to our partners once the approval process has been completed.

We expects the API key to be included in all API requests to the server in a header that looks like the following:

# With shell, you can just pass the correct header with each request
curl "api_endpoint_here"
-H "Authorization: Token {token_key}"

Encryption

In Weave, customer's data privacy is one of our top priority. We strive to consistently deliver secure experiences in all our products and services. All sensitive datas will be encrypted in partner sides before sending to Weave. Currently, we support two encryption methods for partners to integrate: Google Tink and AWS KMS.

Google Tink

Weave will generate a pair of keys and share the public key and secret string with the partner. The partner will then use the public key and secret string to encrypt sensitive information such as bank details or date of birth.

More information can be found at: https://github.com/google/tink

Sample encryption code in Python. This code is for partner to encrypt the sensitive data with public key and secret string.

path: folder path to public key file.

data: data that need to be encrypted.

secretKey: secret string that share between WeaveTech and partnet.

import base64
import tink
from tink import cleartext_keyset_handle
from tink import hybrid
def getKeysetHandleFromFile(path):
keyFile = open(path, "r")
keyData = keyFile.read()
keyFile.close()
reader = tink.JsonKeysetReader(keyData)
keyset_handle = cleartext_keyset_handle.read(reader)
return keyset_handle
def encryptData(data,secretKey):
hybrid.register()
keyHandle = getKeysetHandleFromFile("./publicKey")
hybrid_encrypt = keyHandle.primitive(hybrid.HybridEncrypt)
ciphertext = hybrid_encrypt.encrypt(str(data).encode('utf_8'), str(secretKey).encode('utf_8'))
cipherTextBase64 = base64.b64encode(ciphertext)
return cipherTextBase64
print(encryptData('1234567890','ctech'))

AWS KMS (AWS Key Management System)

The bank account holder, bank account number sort code and DOB must be encrypted by partner using the AWS Key Management. The Weave Tech partner doesn’t require to have an AWS account. Weave Tech will generate the Master key from their AWS account and share the require credentials with partner. Information on how to integrate with the API can be found in this link: ​ https://docs.aws.amazon.com/kms/index.html

Field nameDescription
Access Key IDTo be generated by Weave
Secret Access KeyTo be generated by Weave
Region