Regarding mailwizz API...


New Member

So I am trying to add mailwizz API into my application but my dev is facing some issues here. Can you guys please help me how this is done? Here are his concerns:

1) Simple sample for request query string and headers to get lists via API (we are talking GET, no complications do far), including signature.

2) Sample string to sign they would obtain by putting our keys into it, random timestamp and whatever remote_addr.

3) Signature of above.

Please let me know how to resolve this above mentioned issues.

Thank you
What exactly do you mean? Sorry, i try to understand so i know how to help you.
The site above has examples showing exactly how to use the api.
We're integrating mailwizz functionality into . Net application. The doc mentioned is a PHP API, my dev can read it yet he faced mentioned issues trying to port that into our app. The whole process looks more like reverse engineering rather than docs guided implementation, he doesn't feel it to be the right approach

Just to clarify: their signing process isn't documented and I just can't craft a valid signature. Whatever I tried was never accepted by their server. So I need an example (not a code piece), literally a sample request and it's signature. Of course if they can really describe the process that'd be even better, yet such description would also include an example so it's like asking for more work from their side.

Here's what I'm talking about, the correct doc:

There's a similar signing process so binance team included it's description and examples so any dev can verify his/her code against ones
their signing process isn't documented and I just can't craft a valid signature
Disable the signature from backend > settings > api then do like below.

Here's how a request sent with curl looks like:
# GET - get email lists

# POST - create a list

curl -X POST -H "X-MW-PUBLIC-KEY: YOUR_PUBLIC_API_KEY" -H "X-MW-TIMESTAMP: 1594148853" -H "X-MW-SIGNATURE: " -vvv -d "general[name]=MyAPIList&general[description]=x"
Yes, I know I can disable but what's the point of having the functionality then at all. I like the idea of securing endpoints by signing sensitive requests.

What they gave seems to be a general example, I was asking for example on how a signature is calculated and they just have "signature" and that's it.
but what's the point of having the functionality then at all
It's added security. We still use one api key to make the request, so you're still safe.
We're using the same technique like amazon does for signature calculation, if your dev takes a look at things will be very obvious as to how the signing is done.
The important part is which basically merges the special header params with the POST/GET/DELETE params into one big array, it then sorts them by their keys, as strings, then based on that constructs a new string which is then hashed using the private key. I don't really know how to explain it better...