Introduction to Baokim API
This page provides the basic information about the regulations and standards when working with Baokim's API.
1. Version Table
| Version | Description | Release Date |
|---|---|---|
| 1.0 | Initial version | 2017-05-21 |
| 2.0 | Update new version | 2024-11-06 |
| 4.0 | Update new version | 2026-06-01 |
2. Terminology Table
| Term | Explanation |
|---|---|
| API | Application Programming Interface, allowing different systems to interact. |
| Signature | Digital signature to authenticate and ensure data integrity. |
| Content-Type | The type of data sent in the request or response. |
| RSA256 | RSA algorithm with a 256-bit key. |
| ED25519 | Edwards-curve Digital Signature Algorithm with a 256-bit key. |
3. API URL
| Version | Sandbox | Production |
|---|---|---|
| 1.0 | ||
| 2.0 | https://devtest.baokim.vn | https://bws.baokim.vn |
4. General Request Guidelines
Every request sent to Baokim's API should follow these guidelines:
Header
| Name | Value | Description |
|---|---|---|
| Content-Type | application/json | Data format is JSON |
| Signature | Digital signature | Digital signature for request authentication |
Body
| Format | Description |
|---|---|
| JSON | Content of the request |
5. General Response Guidelines
Every response from Baokim's API will follow these guidelines:
Header
| Name | Value | Description |
|---|---|---|
| Content-Type | application/json | Data format is JSON |
| Signature | Digital signature | Digital signature of Baokim. Structure |
Body
| Format | Description |
|---|---|
| JSON | Content of the response |
6. Signature Format Details:
The Signature in the request should include the following fields:
-
keyVersion (Float): Version of the key used for the signature.
Example:1.0 -
algorithm (String): Signature algorithm used for signing the request.
Allowed values:RSA256,ED25519 -
signature (String): Base64-encoded digital signature representing the content of the request, generated using the private key corresponding to the public key provided to Baokim.
-
Example Signature:
keyVersion=1.0,algorithm=RSA256,signature=base64-encoded-signature
7. General Security Guidelines
All APIs developed and provided by Baokim must comply with the following digital signing standards:
- All API requests must be digitally signed using the RSA256 or ED25519 algorithm. Now support RSA256 only.
- The RSA public/private key pair must be generated by the counterparty and stored securely.
- The private key is only stored on the authorized server (counterparty side) and is not transmitted over the network.
- The public key is provided to Baokim to authenticate the digital signature of the API request.