Skip to main content

Introduction to Baokim API

This page provides the basic information about the regulations and standards when working with Baokim's API.

1. Version Table

VersionDescriptionRelease Date
1.0Initial version2017-05-21
2.0Update new version2024-11-06
4.0Update new version2026-06-01

2. Terminology Table

TermExplanation
APIApplication Programming Interface, allowing different systems to interact.
SignatureDigital signature to authenticate and ensure data integrity.
Content-TypeThe type of data sent in the request or response.
RSA256RSA algorithm with a 256-bit key.
ED25519Edwards-curve Digital Signature Algorithm with a 256-bit key.

3. API URL

VersionSandboxProduction
1.0
2.0https://devtest.baokim.vnhttps://bws.baokim.vn

4. General Request Guidelines

Every request sent to Baokim's API should follow these guidelines:

NameValueDescription
Content-Typeapplication/jsonData format is JSON
SignatureDigital signatureDigital signature for request authentication

Body

FormatDescription
JSONContent of the request

5. General Response Guidelines

Every response from Baokim's API will follow these guidelines:

Header

NameValueDescription
Content-Typeapplication/jsonData format is JSON
SignatureDigital signatureDigital signature of Baokim. Structure

Body

FormatDescription
JSONContent of the response

6. Signature Format Details:

The Signature in the request should include the following fields:

  • keyVersion (Float): Version of the key used for the signature.
    Example: 1.0

  • algorithm (String): Signature algorithm used for signing the request.
    Allowed values: RSA256, ED25519

  • signature (String): Base64-encoded digital signature representing the content of the request, generated using the private key corresponding to the public key provided to Baokim.

  • Example Signature:

    keyVersion=1.0,algorithm=RSA256,signature=base64-encoded-signature

7. General Security Guidelines

All APIs developed and provided by Baokim must comply with the following digital signing standards:

  • All API requests must be digitally signed using the RSA256 or ED25519 algorithm. Now support RSA256 only.
  • The RSA public/private key pair must be generated by the counterparty and stored securely.
  • The private key is only stored on the authorized server (counterparty side) and is not transmitted over the network.
  • The public key is provided to Baokim to authenticate the digital signature of the API request.