Overview

About Infosys Equinox App Marketplace

The Infosys Equinox App Marketplace is a comprehensive repository that enhances the Infosys Equinox Commerce platform by allowing business administrators or merchants to install published apps. These apps add new functionalities and experiences to their stores, contributing to the transition from good to great customer experiences.

The following screen illustrates the high-level view of App Marketplace:

  • App Development: Developers can create apps using any language or framework, which are then hosted outside the core platform to extend its capabilities. For developing an app, refer to the section Developer Apps.
  • App Management: App owners can register, configure, manage, and publish their apps to the App Manager, making them available for installation. See the section “Steps for Registering an App” in the App Marketplace Admin Guide for more information.
  • Installation and Activation: Merchants can install these apps in their stores, activating new features and enhancing the shopping experience. See the sections “Installing an App” and “Activating an Installed App” in the App Marketplace Admin Guide for more information.
  • Asynchronous Webhooks: Apps can register for asynchronous webhooks for predefined events or actions, allowing for updates and interactions.
  • Scopes and Roles: Apps can register for specific scopes to call Infosys Equinox microservices, enabling them to fetch or update data as needed.

For detailed information on registering an async app in the Equinox Commerce platform, see the sections App Developer Workflow, Steps for Registering an App, and Managing Developer Apps

The App Marketplace is instrumental in fostering a dynamic and customizable e-commerce environment, ensuring that businesses can adapt quickly to market trends and consumer preferences.

See also: Flyer – App Marketplace.

Why Infosys Equinox App Marketplace

The App Marketplace in Infosys Equinox serves as a repository of apps that allows business administrators or merchants to install published apps to their stores, adding new functionalities and experiences. It enables developers to create and manage apps that can enhance the platform’s behavior with new features and extended functionalities. The marketplace also provides capabilities for app registration, configuration, management, and publishing, as well as the installation of apps to stores.

What are Apps in the Infosys Equinox App Marketplace

The Apps in the Infosys Equinox App Marketplace are indeed pluggable components that are designed to enhance the platform’s behavior by adding new functionalities. They can be developed using any programming language or framework, as long as they are able to interact with the Infosys Equinox platform through its APIs or webhooks. This allows for a high degree of flexibility and customization, enabling businesses to extend the capabilities of their e-commerce platform according to their specific needs and goals.

Prerequisites

To get started with Infosys Equinox App Marketplace, you need to follow these steps:

  • New Business and Enable App Marketplace: As a business admin, you need to create a new business and enable the App Marketplace.
  • Invite the Developer to the Business: Invite the developers who are the app owners to the business to register their apps in Developer Apps.
  • Functionality to Extend: Developers can develop apps, which are pluggable components or applications built using any language or framework, hosted outside the core platform that can enhance the platform’s behavior with new features and extended functionalities.
  • Asynchronous or Synchronous: Infosys Equinox App Marketplace allows apps to register for async webhooks for pre-defined events or actions.
  • Webhooks to Listen: An async webhook sends the event payload to the app-registered endpoint if the registered events or actions have occurred in the Infosys Equinox microservices.
  • Callbacks that App must Make: The app needs to make callbacks to the Infosys Equinox microservices to fetch or update data.
  • Endpoints that App will Expose: The app will expose endpoints to receive the event payload from the async webhooks.

References:

App Development

Types of Apps in Infosys Equinox App Marketplace

The Infosys Equinox App Marketplace offers a variety of apps that can be integrated with the platform to enhance its capabilities. Here are some types of apps available:

  • Asynchronous Apps: The key components of asynchronous applications within the Infosys Equinox microservices platform are as follows:
    • Events in the Platform: These are triggers such as “Order Created” or “Product Update” that initiate system actions when a user performs a specific task. See events in the Asynchronous Apps document.
    • Asynchronous Webhooks: These allow applications to be notified about events occurring on the platform. Applications must register for these webhooks to receive asynchronous notifications. See Asynchronous Webhooks in the App Marketplace Admin Guide.
    • App Callback: This feature enables applications to register for predefined scopes associated with microservices and roles, allowing them to call back Infosys Equinox microservices APIs. See App Callback in the Asynchronous Apps document.
  • Standard Apps: The Infosys Equinox platform enables standard apps to integrate functionalities such as payment, shipping, tax, and address handling. These apps are designed to make synchronous API calls to third-party providers through the platform’s extensions. It allows apps to enhance and customize the platform’s capabilities:
    • Registration: Apps can register for extensions within the platform to customize their operations.
    • Customization: Through extensions, apps can implement custom business logic to modify or extend the behavior of the platform’s APIs.
    • API Endpoints: Registered apps must expose REST API endpoints that conform to the specified request/ structure for each extension point they subscribe to.

    Note: Refer to the Extensions page for the list of extensions developed for standard apps.

    Here is the list of some of the standard apps:

    App Type App Name Sample Reference Document
    Payment Apps Stripe, Braintree, CyberSource, Klarna
    • Stripe Payment App
    Tax Apps Avalara AvaTax
    Address Validator Apps Avalara Address Validator
    • Avalara Address App
    • CyberSource Address App
    Shipping Apps USPS
    • USPS Shipping App
    Similarly, developers are continuously creating new apps that are added to the App Marketplace. Clients can also add their own custom apps to meet specific business requirements by following the steps provided in this documentation.

    Developer Apps for a Merchant

    For the merchant workflow in the App Marketplace, refer to “Merchant Workflow for the App Marketplace“.

    Building an App in the Infosys Equinox App Marketplace

    To build an app in the Infosys Equinox App Marketplace and integrate it with the platform, you should follow these steps:

    1. Create HTTP Endpoints: Develop your app and host it in the required environment. Configure the HTTP endpoint that will act as a webhook endpoint in Infosys Equinox.
    2. Verify Signature: Implement signature verification in your app’s header using the app secret generated during the app registration process in the Infosys Equinox App Marketplace.
    3. Develop App Logic: Build your app as a Lambda function, cloud function, or similar to handle events. Use internal processing to implement the custom business logic required for your app’s functionality.

    Here are the best practices and recommendations for building an app:

    • Developers should choose a cloud-agnostic framework like a serverless framework and lightweight languages like Node with TypeScript/JavaScript, although there is no strict restriction on this.
    • Some apps developed earlier used Spring Cloud Function with Java and Spring Boot.
    • If an app is complex, the developer can choose to deploy it in a container.
    • Multiple languages can be combined in a single app and deployed using a serverless framework. Any communication between platforms and apps happens via APIs that follow API standards.
    • For spec-based apps like Payment and Shipping, developers should follow the specifications available in the Payment/Shipping microservice.
    • Developers should expose the app APIs adhering to the format required by the respective microservice.
    • Enable logging to CloudWatch with different log levels and keep the log level configuration in the app settings.
    • Keep secrets like the HMAC key in the secrets manager.
    • Enable the SonarQube extension in VS Code to identify sonar issues locally.

    For the steps involved in developing and publishing any standard apps on the platform, refer to the list of some of the standard apps.

    Registering & Publishing an App to the App Marketplace

    To publish your app to the Infosys Equinox App Marketplace, follow these steps:

    To publish an app from Developer Apps to the App Marketplace involves a series of steps:

    • App Development and Testing: A super admin invites an app developer to a ‘test business’ created specifically for app development. The developer can register and validate their app in these test stores. See “Steps for Registering an App” in the App Marketplace Admin Guide for more information.
    • App Configuration: The app developer uploads app metadata template files to create and update app configurations. These configurations are managed using admin business tools.
    • App Approval: The configured app is then submitted for approval. The App Marketplace administrator has the authority to approve or reject the app based on its compliance with the marketplace’s guidelines. See Approving an App and Rejecting an App.
    • App Publishing: Once approved, developers can publish the app in the App Store.
    • App Unpublishing: If necessary, there are provisions for developers to unpublish their apps from the App Store.

    Refer to the Admin User Guide – App Marketplace for more detailed instructions.

    Extensions in Infosys Equinox

    Overview

    Extensions in Infosys Equinox allow apps to register and extend the behavior of specific Infosys Equinox Commerce APIs with their own business logic. In other words, apps can use these extensions, or synchronous webhooks, to tailor the APIs to their specific needs.

    In this synchronous approach, the process is intercepted, and the outcome of the process is determined by the apps or applications based on some business logic. The transaction or process that is intercepted would be a failure unless the extension receives a valid response payload from the application or app.

    The extension is called while processing the create, patch, update, or delete request of an API call, but the result persists based on the response received from the application or app.

    Refer to the Extensions page for the list of extensions developed for standard apps.

    Why to Use Extensions

    Extensions in Infosys Equinox are used for the following reasons:

    • Extend the behavior of specific Equinox APIs.
    • Facilitate the integration of third-party services with the Equinox platform.
    • Provide an improved customer experience.
    • Ensure data accuracy and adherence to business rules.
    • Allow for real-time processing and decision-making, which is crucial for dynamic business environments.
    • Provide businesses control over the transaction or process.

    Overall, extensions are a powerful feature that provides flexibility, control, and the ability to customize and integrate functionalities within the Infosys Equinox ecosystem.

    How to Use Webhook in an Extension

    To use a webhook in an extension in Infosys Equinox, you need to follow these steps:

    • Register for Extensions: Apps can register for extensions to extend the behavior of specific Equinox APIs with their business logic.
    • Configure Webhook: Define the webhook configuration with the endpoint URL, webhook type (ASYNC), priority, and the events to listen for.
    • Validate Signature: Once registered, perform signature verification for the payload received to ensure security.
    • App Callback: Configure app scopes for generating callback access tokens and define callbacks to interact with Equinox APIs.

    Here is a simplified flow:

    • Step 1: Register your app for extensions on the Infosys Equinox platform.
    • Step 2: Configure your webhook with the necessary details such as URL, type, priority, and events.
    • Step 3: Implement signature verification to authenticate the event payload received from the webhook.
    • Step 4: Set up app callbacks with the required scopes and obtain access tokens for interacting with the Equinox APIs.

    By following these steps, you can effectively use webhooks in an extension to enhance the functionality of your application within the Infosys Equinox ecosystem.

    Webhooks

    About Webhooks

    In Infosys Equinox, a Webhook is a mechanism that allows applications to be notified when specific events occur within the Equinox microservices. Here is how it works:

    • Event Notification: When an event occurs, such as the creation of a new product, the webhook notifies the registered application asynchronously.
    • Configuration: Applications can configure webhooks to listen for specific events. The configuration includes the endpoint URL, webhook type (ASYNC), priority, and the events to listen for.
    • Signature Verification: To ensure security, each webhook payload is encoded with a signature. The receiving application must verify this signature using the app’s secret key before processing the payload.
    • App Callback: Apps can define callbacks to interact with Equinox APIs, and they need to configure app scopes for generating callback access tokens.

    Webhooks are essential for data synchronization and for extending the functionality of the Infosys Equinox platform by reacting to changes and events as they happen.

    Events and its Details

    What are Events?

    Events are instances or occurrences that trigger actions within a system. They can be user interactions, data modifications, or external signals. By fostering communication among various components, events facilitate a more flexible and loosely coupled system architecture. In the context of the Equinox Commerce platform, these events can be monitored and configured as webhook subscriptions to drive specific actions in your app. This makes your app more responsive and adaptable to changes within the platform.

    When are the events generated?

    Events are generated whenever a user takes an action in the storefront. For example, an event “Order Created” is triggered when an order is placed. Similarly, the event “Product Update” is triggered when product details are updated.

    How are the events generated?

    When an action is performed on the platform, an event is triggered and sent to the serverless event-driven architecture providers such as:

    Structure of Parent Event

    { 
  "id": "{random-generated-identifier}", 
  "timestamp": "", 
  "payload": {  
  }, 
  "eventType": "{event-type}", 
  "collectionId": "{collection-id}", 
  "userId": "{userID}", 
  "actOnBehalfOfUser": 0 
}

    Customizing Events

    Customizing events can be a crucial aspect of tailoring your microservices to meet specific needs. Here is how you can do it: 

    Customize APIs at the Microservice Level

    Customize the APIs for a particular service to ensure if any additional information is needed via event. Add the annotation given below in the implementation class if any customization APIs are built by implementing in any of the microservices.

    @SendEvent(eventType={Name of the event}, identifier={Identifier to fetch from request / response Object})

    Note: The naming pattern of the event type should be
    {serviceName}/{entityName}/{actionName}
     
    Example:  

    @SendEvent(eventType = “accountservice/account/create”, identifier = "response_account.id") public AccountResponse process (AccountRequest request) { }

    In the above example, the event type accountservice/account/create denotes the create action in the Accounts service. Also, the identifier response_account.id denotes that the account.id must be fetched from the response object.

    Exclusion of Parameters:

    To exclude a parameter from the event payload, add parameter toSkipAttr to the SendEvent annotation with the path(s) of the attributes which needs to be skipped.

    Example: 

    public class Users{ 
private long id; 
private Credentials credentials; 
} 
public class response extends Outputmodel{ 
private List<Users> createdUsers; 
private Users users;
}

    In this above code, if you want to exclude credentials from List<Users> response and id from Users, path needs to be given as toSkipAttri = {"createdUsers.credentials"," users.id"} in the SendEvent annotation:

    @SendEvent(eventType = "accountservice/account/create", identifier = "response_account.id", toSkipAttri = {"createdUsers.credentials","users.id"} )  
public AccountResponse process (AccountRequest request) { }

    Customize APIs at the Storefront Orchestration and Admin Orchestration services level

    Customize the APIs at the Storefront Orchestration and Admin Orchestration services level to ensure if any additional information is needed via event.

    Steps to customize APIs in Orchestration Services

    To customize APIs at the Storefront Orchestration and Admin Orchestration services level,

    1. Create a custom class CamelEventConfiguration for interception to specific route that implement the CamelContextConfiguration interface which contains two methods: getPayload() and sendEventPayload().

      Example: 
      public class CamelEventConfiguration implements CamelContextConfiguration
{ 
@Override private void beforeApplicationStart(CamelContext camelContext)
{ camelContext.getRouteDefinition("routeAddCustomerAddressRest").adviceWith(camelContext, new AdviceWithRouteBuilder({ 
@Override public void configure() throws Exception {
onCompletion().toProcess("resetPasswordExternalEvent");
} });
} 
private void afterApplicationStart(CamelContext camelContext) {} }
    2. Create a custom process class CreateCustomerEvent and autowire EventUtil in the class inside the process class. You need to call these methods:
      • getPayload(): to convert payload from the body of the route.
      • sendEventPayload(): to send event payload to event bridge with the above payload. 
        public class CreateCustomerEvent implements Processor
{ 
@Autowired private EventUtil eventUtil; 
@Override public void process(Exchange exchange) throws JsonParseException, JsonMappingException, IOException 
{ EventPayload<?> event= eventUtil.getPayload(exchange, CustomerLoginResponse.class);
//You can change the id, eventType, and payload information from the event and send it to below mentioned send event function. 
eventUtil.sendEventPayload(event); }
    Orchestration Support:
    public class EventUtil 
{ public void sendEventPayload(EventPayload payloadobject{}
public Object getPayload(Exchange exchange, Class responseModel){}
}
    Overriding an Event Payload

    All the events by default in platform are FAT events which means, that it will provide details as per the complete API response.

    To override an event payload, the following method from the abstract class to be overridden in the extension plugin for the service.

    Syntax:

    abstract class EventProcess { 
public void updateEventPayload(InputModel input, OutputModel output,
EventPayload<object> event) { } }
    Note: The parameters used in the above syntax is as follows:
    • input:  denotes request object is sent.
    • output:  denotes response object is sent.
    • event:  denotes thin event object is sent to update the fat events.
    Example: 
    public class OrderEventProcessImpl extends EventProcess
{ @Override
public void updateEventPayload(InputModel input, OutputModel output, EventPayload<object> event)
{ // Add stuff to override event payload 
} 
}
    List of Events and its Payloads for all Services

    Refer to the list of all events and their respective payloads for all the services:

    Sno. Services Events
    1. Accounts Events – Accounts
    2. App Marketplace Events – App Marketplace
    3. Address Events – Address
    4. Authorization Events – Authorization
    5. Cart Events – Cart
    6. Catalog Events – Catalog
    7. Customers (User) Events – Customers (User)
    8. Feed Job Events – Feed Job
    9. Feeds Events – Feeds
    10. Foundation Events – Foundation
    11. Inventory Events – Inventory
    12. Lists Events – Lists
    13. Location Events – Location
    14. Loyalty Events – Loyalty
    15. Merchandising Events – Merchandising
    16. Notification Events – Notification
    17. Order Events – Order
    18. Payment Events – Payment
    19. Pricing Events – Pricing
    20. Promotions Events – Promotions
    21. Ratings and Reviews Events – Ratings and Reviews
    22. Reporting Events – Reporting
    23. Search Events – Search
    24. Shipping Events – Shipping
    25. Storefront Orchestration Events – Storefront Orchestration
    26. Subscription Events – Subscription
    27. Tax Events – Tax

    Asynchronous Apps

    Infosys Equinox App Marketplace allows apps to register for asynchronous webhooks (for any of the events on the platform), and apps can register for pre-defined scopes (microservices and associated roles) to call back Infosys Equinox microservices APIs.

    The following diagram depicts the asynchronous webhooks workflow of App Marketplace:

    asynchronous-workflow Note:For the list of events and its payload of all microservices, see Events and its Payload

    Asynchronous Webhooks

    An Asynchronous App in the Infosys Equinox App Marketplace is an application that can register for asynchronous webhooks. These webhooks notify the application when specific events occur on Infosys Equinox microservices.

    Here is how it works:

    Step 1: Webhook Configuration: The app provides a URL (the app-hosted endpoint) and specifies the type of webhook (ASYNC), its priority (Normal or High), and the events it wants to be notified about.

    Here is the sample webhook configuration:

    URL App hosted endpoint
    WEBHOOK TYPE ASYNC
    PRIORITY Normal or High
    EVENTS Refer to the  list of all the events on the platform available across microservices.

    Note: Apps can be configured for multiple webhooks. There is no restriction on the number of webhooks that can be configured for an app.

    Step 2: Signature Validation: Once the app has registered for async webhooks, it will be notified when the events occur on the platform. To view the event payload, the app has to perform signature verification.

    Below are the steps to fetch the app secret stored for the app and use it to generate the signature for the payload received:

    1. Fetch the app secret for the app ID, which is included in the payload.
    2. Generate the signature using the calculateHMACSHA256 function. It takes the event payload and app secret as parameters.
    3. The verifySignature function validates the signature received in the payload header against the generated signature.
    4. If there is a mismatch, it returns an authentication failure response.

    Functions included – CommonUtils

    1. verifySignature(event, signatureReceived, apiSecret)
    2. calculateHMACSHA256(event, secretKey) signature-validation-code signature-validation-code signature-validation-code
    3. App Callback:
      1. Configure for the App Scopes: The app identifies the callbacks needed to update Equinox APIs and configures them as app scopes. Provide link to the list of app scopes on the platform.
      2. Get Access Token for Callback: It then obtains an access token for the callback. To obtain the authentication token via the Authorize Lambda,
        • a third-party application needs to be aware of the following parameters:
          1. Authorize Lambda Endpoint: The URL where the Authorize Lambda function is hosted.
          2. App ID: The unique identifier for the application.
          3. App Version: The version of the application.
          4. Store ID: The identifier of the store where the application is installed.
          5. Base URL of the App: The root URL of the application.
          6. State and Nonce: These are optional parameters used for security purposes in OAuth 2.0 to mitigate cross-site request forgery (CSRF) attacks.
          7. expiryTime: This should be set to 5 seconds after the current time. It is used to ensure the request is only valid for a short period of time to prevent replay attacks.
        • Here is an example of how you can set up a request to authorize a Lambda function:

    Header: signature (requestBody encoded with the app secret)

    Request Body:

    { 
    "storeId": "11", 
    "appId": "653906ec170e703d543dbf3f", 
    "appVersion": "8.16.0", 
    "baseUrl": "https: //8jr9vvcqgi.execute-api.us-east-1.amazonaws.com", 
    "expireTime": 1699260660745, 
    "nonce": "nonce", 
    "state": "state" 
}
    • The required steps you should follow to:

    1. Get the app secret, copy the app secret manually or subscribe for webhooks:

    { 
    "entity": "app", 
    "url": "doamin/appInstallationListener", 
    "webhookType": "ASYNC", 
    "events": [ 
        "appmarketplaceservices/apps/updateinstallation" 
    ] 
}

    2. Get the store ID when the app is installed in the store and subscribe to webhooks:

    { 
    "entity": "app", 
    "url": "doamin/appInstallationListener", 
    "webhookType": "ASYNC", 
    "events": [ 
        "appmarketplaceservices/apps/updateinstallation" 
    ] 
}

    3. Call the Authorize Lambda function with a signature in the header

    { 
    "storeId": "", 
    "appId": "", 
    "appVersion": "", 
    "baseUrl": "", 
    "expireTime":"", 
    "nonce": "", 
    "state": "" 
}

    Verifying Webhook Payloads for Asynchronous Apps

    A signature is a response generated when the payload body is encoded with the App Secret Key.

    Prerequisite

    Serverless apps should store their app secret, generated when the app is created in the Infosys Equinox App Marketplace. 

    Action

    1. Receive the signature: Check if you received a signature in the header section or not. The non-availability of the signature means the app secret is not present for that app. 
    2. Extract signature and data: If the signature is present when the receiver receives the webhook data, extract both the data from the body and the received signature from the headers. 
    3. Calculate the signature: Use the calculate HMACSHA256 function to calculate the signature based on the received data and the app secret key.
    4. Compare the signature: Compare the received signature with the calculated signature. If they match, the data is not tampered with, and the sender is verified.

    The following describes the sample payload and code snippet:

    Payloads

    { 
version: '2.0', 
routeKey: 'POST /target', 
rawPath: '/target', 
rawQueryString: '', 
headers: { 
accept: "*/*", 
'accept-encoding': 'gzip, deflate, br', 
'content-length': '2898', 
'content-type': 'application/json', 
host: '8jr9vvcqgi.execute-api.us-east-1.amazonaws.com', 
signature: '76a82c4751c7716d6a8c56c3d4013a43d9923e1a8fdc42883f7b48d6ddaf5776', 
'user-agent': 'node-fetch', 
'x-amzn-trace-id': 'Root=1-651bcf81-66dd86aa0d0202845330e51a', 
'x-forwarded-for': '54.226.21.201', 
'x-forwarded-port': '443', 
'x-forwarded-proto': 'https' 
}, 
requestContext: { 
accountId: '277827593990', 
apiId: '8jr9vvcqgi', 
domainName: '8jr9vvcqgi.execute-api.us-east-1.amazonaws.com', 
domainPrefix: '8jr9vvcqgi', 
http: { 
method: 'POST', 
path: '/target', 
protocol: 'HTTP/1.1', 
sourceIp: '54.226.21.201', 
userAgent: 'node-fetch' 
}, 
requestId: 'MN1cVgmhoAMEMSA=', 
routeKey: 'POST /target', 
stage: '$default', 
time: '03/Oct/2023:08:23:29 +0000', 
timeEpoch: 1696321409814 
}, 
body: '{"webhookDetails":{"appId":"651bce9d5d4dea0a83931083","appVersion":"1.0.0","storeId":"11","serviceCollectionId":"11","serviceName":"appmarketplace","subscriptionId":"651bcf085d4dea0a83931089","webhookId":"appmarketplaceservices.apps.updateinstallation","webhookName":"appmarketplaceservices/apps/updateinstallation","webhookType":"ASYNC","webhookUrl":"https://8jr9vvcqgi.execute-api.us-east-1.amazonaws.com/target","webhookTestUrl":"https://8jr9vvcqgi.execute-api.us-east-1.amazonaws.com/target","priority":"25","active":true,"createdOn":"2023-10-03T08:21:28.508","createdBy":0,"updatedOn":"2023-10-03T08:21:28.508","updatedBy":0},"event":{"version":"0","id":"72ebee61-6d96-7906-01c9-49f4d9c9411e","detail-type":"appmarketplaceservices/apps/updateinstallation","source":"appmarketplaceservices","account":"277827593990","time":"2023-10-03T08:23:28Z","region":"us-east-1","resources":[],"detail":{"id":"651bce9d5d4dea0a83931083","timestamp":1696321408767,"payload":{"patchResponseList":[{"createdBy":0,"createdOn":[2023,10,3,8,21,28,303000000],"updatedBy":0,"updatedOn":[2023,10,3,8,23,28,762325000],"id":"651bcf085d4dea0a83931085","appId":"651bce9d5d4dea0a83931083","appVersion":"1.0.0","merchantId":"1234","storeId":"11","collectionId":null,"clientId":"tarb86dd127749a","visibilityType":"PUBLIC","storeName":"T-Giant B2C Store","status":"ACTIVATED","category":"string","appName":"targetTest10","installationComplete":true,"installationStatus":"FULL","active":true,"appDisplayType":"DESKTOP","appConfigData":{"uiConfig":null,"feed":null,"installationConfig":null,"collectionConfig":[{"serviceName":"auth","serviceCollectionId":"10"},{"serviceName":"catalog","serviceCollectionId":"10"},{"serviceName":"inventory","serviceCollectionId":"10"},{"serviceName":"pricing","serviceCollectionId":"10"},{"serviceName":"order","serviceCollectionId":"1538405371250445"}]},"reason":null,"businessId":"3","businessEmail":null,"merchantEmailId":null,"businessType":"B2BANDB2C","processType":null,"locale":"en_US","storeLogo":"null"}]},"eventType":"appmarketplaceservices/apps/updateinstallation","userId":"45","actOnBehalfOfUser":0,"roles":["ROLE_SUPER_ADMIN"]}},"appConfigData":{"collectionConfig":[{"serviceName":"auth","serviceCollectionId":"10"},{"serviceName":"catalog","serviceCollectionId":"10"},{"serviceName":"inventory","serviceCollectionId":"10"},{"serviceName":"pricing","serviceCollectionId":"10"},{"serviceName":"order","serviceCollectionId":"1538405371250445"}],"uiConfig":null,"feed":null,"installationConfig":null},"businessId":"3","clientId":"tarb86dd127749a","authToken":"eyJhbGciOiJIUzUxMiJ9.eyJjcmVhdGVkIjoxNjk2MzIxNDA5NzYxLCJhY3Rpbmd1c2VybmFtZSI6IjIwMjMiLCJleHAiOjE2OTY0MDc4MDksImhhc2giOiJhYzRmMWE3NmRkNWJhMGVlMTViOTg4ZTVjZWEzNmM0MiIsImF1dGhvcml0aWVzIjoiW3t9XSIsInVzZXJuYW1lIjoidGFyYjg2ZGQxMjc3NDlhIn0.HcC_M7_DJkHDX3k2L365Cw9dQGeokg2pgKkl1ot-bCxPWE86JnSKP7yqs4ALXcd_dlN1M0nNdCH5jL5J9Ttwdg"}', 
isBase64Encoded: false 
}

    Code Snippet

    
import CryptoJS from 'crypto-js'; 
let signatureReceived = event.headers.signature; 
let bodyReceived = event.body; 
let apiSecret = getValuesFromParameterStore; 
var signature = calculateHMACSHA256(bodyReceived, apiSecret) 
if (signatureReceived == signature) { 
console.log("Authentication Successfull") 
} else { 
console.log("Authentication Failed") 
return { 
statusCode: 400, 
body: "Authentication Failed" 
}; 
} 
function calculateHMACSHA256(event, secretKey) { 
var hmac = CryptoJS.HmacSHA256(event, secretKey); 
return hmac.toString(CryptoJS.enc.Hex); 
}

     
    Revision History
    2025-04-10 | JP – Created page and updated content.