Prisjakt Reviews API
This API allows you to view and reply to shop reviews.
Getting started
This guide will help you get set up to use our API. The base address of the Reviews API is https://api.schibsted.com/prisjakt/reviews. The first step is to set up client credentials and make an authentication request. Then you can fetch shop reviews.
Authentication
All requests to the API require authentication. To prove that the user has been granted permission, the request header sent by the application must include a valid access token. As the first step towards authentication, you will need to register your application. This will give you a unique client ID and client secret.
To authenticate, set the grant type (grant_type) to client_credentials, and set your client ID (client_id) and client secret (client_secret).
curl --request POST \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=<replace with client ID> \
--data client_secret=<replace with client secret> \
https://pre-api.schibsted.com/prisjakt/reviews/token
{
"access_token": "eyJhbGciOiJSUzUxMiIsInR5cCI6IkpXVCIsImtpZCI6ImM1U09QVmQyS0h6VW9mVFg2L3d6ekJYWkVqaz0ifQ.eyJpc3MiOiJodHRwczovL2FwaS1zdGFnZS5zY2hpYnN0ZWQuY29tL3ByaXNqYWt0L2F1dGgiLCJzY29wZSI6InJvbGU6c2VydmljZSIsInN1YiI6IjhkYjFjMzA4MzUzYjQ0ZTY5MTE1ODFjZDZmMGRiM2JkIiwiaWF0IjoxNjIzMDQ1ODE2LCJleHAiOjE2MjMwNDY0MTZ9.RQWSrWE0uIeiKdW11Hho0yLJBM6LVJSXxIJCvy8-CNmJ4xoncAcaizqKIpN-mIL1AYQXFFDLrB_y0iZOoHBKnwjUVRt14OUhUjVuV57ntIFMAy5Xljiv5KGWkP5w0ZDuTcs72AEGd4q1BXwrEKyoT-q_F1GYkUB28E1f0LegOLH84p0VeaJ-CHbduHWXoC4J_j1yi7G1dDJu7U2rWNG7mT876b7n5S6QuV2pC3XJqzMoX2o10Kt3Zbpl9Pk1CDxDDjApntfnjeQjmwAcJAZ0MFxQWL8UHjFnzde0EI0RQWzGDFaMqC6lurEw6tuYDiJvPdSrjMcktSuF3p3g-Vs8eg",
"expires_in": 600,
"token_type": "Bearer"
}
Shop Reviews
Reviews are written by Prisjakt users. This API allows a user to fetch and reply to reviews for a shop they are authorized to manage.
Example requests
curl --location --request GET 'https://api.schibsted.com/prisjakt/reviews?shop_id=<replace with shop ID>&market=se' \
--header 'client-id: <replace with client ID>' \
--header 'Authorization: Bearer <replace with access token>'
Rate Limiting
To make the API fast for everybody, rate limiting is applied to the Client ID.
Production: 10,000 requests in 1 hour
The returned HTTP headers of any API request show your current rate limit status:
HEADER | DESCRIPTION |
---|---|
X-RateLimit-Limit | The maximum number of requests you're permitted to make per hour. |
X-RateLimit-Remaining | The number of requests remaining in the current rate limit window. |
X-RateLimit-Reset | The time in milliseconds when the current rate limit window resets. |
HTTP status code 429 is used to indicate that the current rate limit has been exceeded.
Status: 429 Too Many Requests
X-RateLimit-Limit: 10000
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 600000
Webhooks
Webhooks are a way to receive real-time HTTP notifications when a review is created or updated. You can use webhooks to keep your system in sync with the Reviews API. The webhook payload is a JSON object that contains the review ID, the shop ID and the market.
Structure of post message
{
shopId: number;
market: string;
reviewId: string;
}
Along with the payload described above, a signature is sent in a header called pj-message-signature. This signature can (and should) be used to verify the authenticity of the message.
Verifying the message signature
The signature is a hash-based message authentication code (HMAC) calculated over the post message with the shared secret, using SHA-256 as the hash function, and returned in Base64 format.
Using JavaScript the signature in the request header can be verified like this:
const crypto = require('crypto');
// Payload as received in the webhook POST body
const message = {
  market: 'se',
  shopId: 123,
  reviewId: 'abc123',
};
// Value of the pj-message-signature request header
const signatureFromHeader = 'sxIOCSFe/Nm43uZUFWGlRUWeJyI2/iXsyeLRv6LLJBU=';
// Shared secret, used as the HMAC key exactly as given
const sharedSecret = 'c29tZSBzaWduaW5nIGtleQ==';
// HMAC-SHA256 over the serialized message, Base64-encoded
const signature = crypto
  .createHmac('sha256', sharedSecret)
  .update(JSON.stringify(message))
  .digest('base64');
if (signature === signatureFromHeader) {
  console.log('Signature was successfully verified.');
}
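A receiver-side version of this check, as an added example that is not Prisjakt's own code: it compares the signature in constant time and rejects missing or malformed headers before parsing the payload. The function name verifyWebhook and the sample secret and body are constructed for illustration, and it assumes the signature covers the request body exactly as received, which matches JSON.stringify(message) above only when the body is sent as compact JSON.

```javascript
const crypto = require('crypto');

// Hypothetical helper (name and return convention are assumptions):
// returns the parsed payload when the signature is valid, otherwise null.
// rawBody is the request body exactly as received, before any JSON parsing.
function verifyWebhook(rawBody, signatureHeader, sharedSecret) {
  // Missing or empty pj-message-signature header: reject immediately.
  if (typeof signatureHeader !== 'string' || signatureHeader.length === 0) {
    return null;
  }
  // Same construction as on the page: HMAC-SHA256 keyed with the shared
  // secret string as-is; kept as raw bytes here instead of Base64 text.
  const expected = crypto.createHmac('sha256', sharedSecret).update(rawBody).digest();
  const received = Buffer.from(signatureHeader, 'base64');
  // timingSafeEqual throws on unequal lengths, so rule that out first.
  if (received.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(received, expected)) return null;

  // Parse only after the MAC checks out, then confirm the documented shape.
  let payload;
  try {
    payload = JSON.parse(rawBody.toString('utf8'));
  } catch {
    return null;
  }
  if (payload === null || typeof payload !== 'object') return null;
  const shapeOk =
    typeof payload.shopId === 'number' &&
    typeof payload.market === 'string' &&
    typeof payload.reviewId === 'string';
  return shapeOk ? payload : null;
}

// Constructed sample values, not real credentials or a real Prisjakt message.
const demoSecret = 'constructed-demo-secret';
const demoBody = JSON.stringify({ shopId: 123, market: 'se', reviewId: 'abc123' });
const demoSignature = crypto
  .createHmac('sha256', demoSecret)
  .update(demoBody)
  .digest('base64');

console.log(verifyWebhook(demoBody, demoSignature, demoSecret)); // valid message
console.log(verifyWebhook(demoBody.replace('123', '124'), demoSignature, demoSecret)); // tampered body
console.log(verifyWebhook(demoBody, undefined, demoSecret)); // header missing
```

In a web framework, pass the unparsed request bytes as rawBody; verifying a re-serialized object can fail on whitespace or key-order differences.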