Introduction
All Daisy endpoints need to be prefixed with this base URL:
https://api.sharewithdaisy.com
The Daisy API is organized around REST. Our API has predictable resource-oriented URLs, accepts JSON-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
Authentication
To authorize any request, use this code:
curl "https://api.sharewithdaisy.com/[ENDPOINT]" \
  -H "Daisy-Secret-Key: {YOUR_SECRET_KEY}"
Make sure to replace {YOUR_SECRET_KEY} with your secret key.
To perform operations on the Daisy API, you need to send your secret key in the Daisy-Secret-Key header. You can find your secret key under your application's dashboard in the Basic configuration section.
The Daisy API expects the API key to be included in all API requests to the server as a header in the following format:
Daisy-Secret-Key: {YOUR_SECRET_KEY}
Orders
The Order object
Attributes
Attribute | Type | Description
---|---|---
id | string | The order identifier
reference | string | The order reference which is given by the merchant
status | string | The order status. It can have one of these possible values: created, pending, payed, canceled
paymentUrl | string | The order payment URL
returnUrl | string | The URL used to redirect the user after the first payment
receiptUrl (nullable) | string | The leader dynamic receipt URL
productUrl (nullable) | string | The product URL to which the participants can be redirected if they click on the main logo on the payment funnel (e.g. event URL, product URL)
clientToken | string | The token that will be used for DaisyJs's handleOrderCreation function.
amount | number | The order amount (in cents)
currency | string | The order currency
language | string | The order user interface language
reason (nullable) | string | A brief description of the order purpose
creationDate | string | The order creation date
cancellationDate (nullable) | string | The order cancellation date
Create an order
curl -X POST \
  https://api.sharewithdaisy.com/orders \
  -H 'Content-Type: application/json' \
  -H 'Daisy-Secret-Key: {YOUR_SECRET_KEY}' \
-d '{
"reference":"C1S1X-I98CX23SS3-1MXS",
"amount":120000,
"currency":"EUR",
"returnUrl" : "https://www.merchant-website.com/confirm-order?id=C1S1X-I98CX23SS3-1MXS",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"clientToken" : "tok_kj7gsHGjsdhg6SHGhgshd54",
"reason":"A trip to New York",
"language":"FR",
"skipTutorial" : true,
"leader" : {
"name" : "Monica Geller",
"amount" : 30000,
"email" : "[email protected]"
},
"participants" : [
{
"name" : "Chandler Bing",
"amount" : 30000
},
{
"name" : "Rachel Green",
"amount" : 30000
},
{
"name" : "Joey Tribbiani",
"amount" : 30000
}
]
}'
The above command returns JSON structured like this:
{
"id": "6272814c-2ca5-421e-a7bc-e290db9d57e2",
"reference": "C1S1X-I98CX23SS3-1MXS",
"status": "created",
"paymentUrl": "https://customers.sharewithdaisy.com/purchase/6272814c-2ca5-421e-a7bc-e290db9d57e2?lang=fr",
"returnUrl" : "https://www.merchant-website.com/confirm-order?id=C1S1X-I98CX23SS3-1MXS",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"receiptUrl" : null,
"clientToken" : "tok_kj7gsHGjsdhg6SHGhgshd54",
"amount": 120000,
"currency": "EUR",
"language": "fr",
"reason" : "A trip to Paris",
"creationDate": "2019-05-31T11:57:13+0200",
"cancellationDate": null
}
This endpoint creates orders for a certain merchant application. This operation can also be performed via the DaisyJs plugin.
HTTP Request
POST https://api.sharewithdaisy.com/orders
Attributes
Attribute | Type | Description
---|---|---
reference (required) | string | The order reference
amount (required) | number | The order amount
currency (required) | string | The ISO code of the order currency
returnUrl (required) | string | The URL used to redirect the user after the first payment
productUrl (optional) | string | The product URL to which the participants can be redirected if they click on the main logo on the payment funnel (e.g. event URL, product URL)
reason (optional) | string | A brief description of the order purpose
language (optional) | string | The language of the payment link page. The possible values are: fr, en. Default is fr
skipTutorial (optional) | boolean | If set to true, the first tutorial page of the payment process will be ignored. Default is false
leader (optional) | object | The leader of the group payment. He represents the first person launching the group payment.
participants (optional) | object[] | The list of people participating in the group payment.
The leader object
Attributes
Attribute | Type | Description
---|---|---
name (required) | string | The leader's full name.
amount (required) | number | The leader's contribution amount to the group order.
email (required) | string | The leader's email.
The participant object
Attributes
Attribute | Type | Description
---|---|---
name (required) | string | The participant's full name.
amount (required) | number | The participant's contribution amount to the group order.
Retrieve a specific order
curl "https://api.sharewithdaisy.com/orders/e4a3c429-e52d-43ed-890a-78b86cf6fab7" \
  -H 'Content-Type: application/json' \
  -H 'Daisy-Secret-Key: {YOUR_SECRET_KEY}'
The above command returns JSON structured like this:
{
"id": "e4a3c429-e52d-43ed-890a-78b86cf6fab7",
"reference": "C1S1X-I98CX2KJS3-1MXS",
"status": "payed",
"paymentUrl": "https://customers.sharewithdaisy.com/purchase/e4a3c429-e52d-43ed-890a-78b86cf6fab7?lang=fr",
"returnUrl" : "https://www.merchant-website.com/confirm-order?id=C1S1X-I98CX23SS3-1MXS",
"receiptUrl": "https://customers.sharewithdaisy.com/receipts/payments/f400cfba-fe5d-4833-9f98-ebe7327b92dd",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"clientToken" : "tok_kj7gsHGjsdhg6SHGhgshd54",
"amount": 120000,
"currency": "EUR",
"language": "fr",
"skipTutorial": true,
"reason": "A trip to Paris",
"creationDate": "2019-05-31T17:54:27+0200"
}
Retrieves the order with the given ID.
HTTP Request
GET https://api.sharewithdaisy.com/orders/:id
Path parameters
Parameter | Type | Description
---|---|---
id | string | The order identifier: it can be either the merchant reference or the Daisy identifier
Cancel a specific Order
curl "https://api.sharewithdaisy.com/orders/e4a3c429-e52d-43ed-890a-78b86cf6fab7" \
  -X DELETE \
  -H 'Content-Type: application/json' \
  -H 'Daisy-Secret-Key: {YOUR_SECRET_KEY}'
The above command returns JSON structured like this:
{
"id": "e4a3c429-e52d-43ed-890a-78b86cf6fab7",
"reference": "C1S1X-I98CX2KJS3-1MXS",
"status": "canceled",
"paymentUrl": "http://localhost:2053/purchase/e4a3c429-e52d-43ed-890a-78b86cf6fab7?lang=fr",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"receiptUrl": null,
"amount": 120000,
"currency": "EUR",
"language": "fr",
"skipTutorial": true,
"reason": "A trip to Paris",
"creationDate": "2019-05-31T17:54:27+0200"
}
Cancels an application order immediately. If one or more of the participants have already paid, their payments will be automatically refunded, and an email notification will be sent to both the organizer and the participants related to the order if the silent flag is set to false.
HTTP Request
DELETE https://api.sharewithdaisy.com/orders/:id
Path parameters
Parameter | Type | Description
---|---|---
id | string | The order identifier: it can be either the merchant reference or the Daisy identifier
Query parameters
Parameter | Type | Description
---|---|---
silent | boolean | If set to true, the leader and the participants won't be notified about the order cancellation. The default value is false.
Errors
All Daisy API errors share the same structure:
{
"status": 400,
"uri": "/orders",
"errors": [
{
"field": "reference",
"message": "The specified order reference already exists."
}
]
}
Daisy API uses conventional HTTP response codes to indicate the success or failure of an API request. In general: Codes in the 2xx range indicate success. Codes in the 4xx range indicate an error describing the problem with the provided information (e.g., a required parameter was omitted, a duplicate order reference, etc.). Codes in the 5xx range indicate an error with Daisy servers (these are rare).
The Daisy API can return these possible HTTP status codes:
Http codes
Code | Meaning
---|---
400 | Bad Request -- Your request is invalid.
401 | Unauthorized -- Your Daisy-Secret-Key is invalid.
404 | Not Found -- Either an endpoint or an order was not found.
405 | Method Not Allowed -- You tried to access an endpoint with the wrong method.
500 | Internal Server Error -- We had a problem with our server. Try again later.
Webhooks
Daisy can send webhook events that notify your application any time an event happens on your merchant application. This is especially useful for events like paid orders and newly subscribed users that are not triggered by a direct API request.
You can register new webhooks and attach events to them on the webhooks section in your application dashboard.
Webhook events
Daisy fires 4 different webhook events. The following table explains when each one is fired.
Events
Event | Description
---|---
order.created | Fires whenever an order is created on your merchant application.
order.payed | Fires whenever an order is paid on your merchant application.
order.canceled | Fires whenever an order is canceled on your merchant application.
user.subscribed | Fires whenever a new participant agrees to communicate their information to the merchant.
Webhooks payload
With every webhook event, a JSON-encoded object is sent to the related endpoint registered in your application dashboard.
The webhook object contains three fixed attributes :
Attributes
Attribute | Type | Description
---|---|---
id | string | Contains the identifier of the event.
type | string | Contains the event type.
data | object | Contains the data associated with the event.
The data attribute can change with the event type. The following tables explain how this attribute changes with the different events.
Events like order.created, order.payed, order.canceled
For the order.created, order.payed, order.canceled events, the webhook payload should look like this:
{
"id": "dcfa1aaf-0ff0-4912-8556-93c1f2b48506",
"data": {
"id": "77ae3dab-4140-48d0-a857-c34843113616",
"amount": 120000,
"status": "created",
"currency": "EUR",
"reference": "C1S1X-I98CX23SS3-1MXS",
"receiptUrl": "https://customers.sharewithdaisy.com/receipts/payments/f400cfba-fe5d-4833-9f98-ebe7327b92dd",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"creationDate": "2019-05-31T11:57:13+0200",
"cancellationDate": null
},
"type": "order.created"
}
Attributes
Attribute | Type | Description
---|---|---
id | string | The order identifier
reference | string | The order reference which is given by the merchant
status | string | The order status. It can have one of these possible values: created, pending, payed, canceled
amount | number | The order amount (in cents)
receiptUrl (nullable) | string | The leader dynamic receipt URL
productUrl (nullable) | string | The product URL to which the participants can be redirected if they click on the main logo on the payment funnel (e.g. event URL, product URL)
currency | string | The order currency
creationDate | string | The order creation date
cancellationDate (nullable) | string | The cancellation date of the order
Events like user.subscribed
For the user.subscribed event, the webhook payload should look like this:
{
"id": "ac4af181-cc9c-4119-9c92-b2e7c3fbe52a",
"data": {
"id": "862d11a7-761f-4304-b9d1-3da82acbc7de",
"ip": "2a01:e35:2f3d:7920:b855:1d6e:abc0:4f19",
"name": "Rachel Green",
"email": "[email protected]",
"order": {
"id": "ccc192cf-1bfa-42a2-b65d-318e3771eb41",
"amount": 120000,
"status": "payed",
"currency": "EUR",
"reference": "C1S1X-I9812OKJS3-1MXS",
"receiptUrl": "https://customers.sharewithdaisy.com/receipts/payments/f400cfba-fe5d-4833-9f98-ebe7327b92dd",
"productUrl" : "https://www.merchant-website.com/events/huy676gd",
"creationDate": "2019-06-03T17:19:08+0200",
"cancellationDate": null
},
"device": "desktop",
"ipCity": "New York",
"payedShare": 32521,
"ipCountryCode": "US"
},
"type": "user.subscribed"
}
Attributes
Attribute | Type | Description
---|---|---
id | string | The user's identifier
name | string | The user's full name
email | string | The user's email
order | object | The related order. This object shares the same structure with the order.created, order.payed, order.canceled events
payedShare | number | The share paid by the user
device | string | The device used by the user to pay. This attribute can have one of these values: unknown, desktop, mobile, tablet
ip | string | The IP address from which the user paid
ipCity (nullable) | string | The IP address city name if detected
ipCountryCode (nullable) | string | The IP address country code if detected
Webhook Signatures
Here is an example of the Daisy-Signature header:
Daisy-Signature: t=1559554856432,
s=4cafb659a9810f53d416cfb7cfc46cbfdc9871192cad3cd780456513b637d545
Note that newlines have been added in the example above for clarity, but a real Daisy-Signature header will be all on one line.
Daisy signs the webhook events it sends to your endpoints. We do so by including a signature in each event's Daisy-Signature header. This allows you to verify that the events were sent by Daisy, not by a third party.
The Daisy-Signature header contains a timestamp and one signature. The timestamp is prefixed by t=, and the signature is prefixed by a scheme. Schemes start with s.
Step 1: Extract the timestamp and signature from the header
Split the header, using the , character as the separator, to get a list of elements. Then split each element, using the = character as the separator, to get a prefix and value pair.
The value for the prefix t corresponds to the timestamp, and s corresponds to the signature.
Step 2: Prepare the signed_payload string
You achieve this by concatenating:
The timestamp (as a string)
The character .
The actual JSON payload (i.e., the request’s body)
Step 3: Determine the expected signature
Compute an HMAC with the SHA256 hash function. Use the endpoint signing secret as the key, and use the signed_payload string as the message.
Step 4: Compare signatures
Compare the signature(s) in the header to the expected signature. If a signature matches, compute the difference between the current timestamp and the received timestamp, then decide if the difference is within your tolerance.
To protect against timing attacks, use a constant-time string comparison to compare the expected signature to each of the received signatures.
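The four verification steps above, as an added Python example (not Daisy's own code). It assumes the t value is a Unix timestamp in milliseconds and the s value is a hex digest, as the sample header suggests; the function names, the 5-minute tolerance and the sample secret and body are constructed for illustration.

```python
import hashlib
import hmac
import time

TOLERANCE_MS = 5 * 60 * 1000  # assumption: accept events up to 5 minutes old


def parse_signature_header(header):
    """Step 1: split on ',' then on '=' to get the t and s values."""
    parts = {}
    for element in header.split(","):
        prefix, sep, value = element.strip().partition("=")
        if sep:
            parts[prefix] = value
    return parts.get("t"), parts.get("s")


def expected_signature(secret, timestamp, body):
    """Steps 2-3: HMAC-SHA256 over b"<timestamp>.<raw body>", hex-encoded."""
    signed_payload = timestamp.encode() + b"." + body
    return hmac.new(secret.encode(), signed_payload, hashlib.sha256).hexdigest()


def verify_webhook(secret, header, body, now_ms=None, tolerance_ms=TOLERANCE_MS):
    """Step 4: constant-time comparison, then reject stale timestamps."""
    timestamp, signature = parse_signature_header(header)
    if not timestamp or not signature:
        return False
    if not (timestamp.isascii() and timestamp.isdigit()):
        return False
    expected = expected_signature(secret, timestamp, body)
    # Compare as bytes so a non-ASCII header value cannot raise TypeError.
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        return False
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return abs(now_ms - int(timestamp)) <= tolerance_ms


# Constructed sample values (not real Daisy data).
SECRET = "example-signing-secret"
BODY = b'{"id":"evt-1","type":"order.payed","data":{"status":"payed"}}'
TS = "1559554856432"
HEADER = "t=%s,s=%s" % (TS, expected_signature(SECRET, TS, BODY))

if __name__ == "__main__":
    print(verify_webhook(SECRET, HEADER, BODY, now_ms=int(TS) + 1000))
```

Pass the raw request body bytes exactly as received; re-serializing the parsed JSON can change the bytes and make a genuine event fail verification.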