Shein Authorization and Limits
Version | Date | Created / Updated | Notes |
---|---|---|---|
v1.0 | 11.05.2024 | Bogomil Pavlov | First publish |
v1.1 | 02.08.2024 | Bogomil Pavlov | Added language mapping based on country |
The purpose of this document is to give a good understanding of how Hemi will be integrated with the new Shein API.
Using the Shein REST API we will be able to manage orders and products completely from Hemi, but before that there is an authentication process. In Hemi we will have a separate account for each Shein territory, and we should be able to select it in Account Shein. The available countries are:
Country Name | Country Code | Shein country code | <v1.1>Language |
---|---|---|---|
Brazil | BR | shein-br | pt-br |
Thailand | TH | shein-th | th |
United States | US | shein-us | en |
Mexico | MX | shein-mx | es |
Germany | DE | shein-de | de |
France | FR | shein-fr | fr |
Spain | ES | shein-es | es |
Italy | IT | shein-it | en |
Netherlands | NL | shein-nl | en |
Poland | PL | shein-pl | en |
Portugal | PT | shein-pt | pt-br |
Sweden | SE | shein-se | en |
United Kingdom | GB | <v1.1>shein-uk</v1.1> | en</v1.1> |
Please note we want to show the Country Name and push the Shein country code.
We also need a solution for error messages: all errors are in Chinese, so storing them in Hemi as they are brings no value, and we need to look for a translation solution.
For the authorization we have to generate a link which the seller will use to authorize our application. The seller is then redirected, and we need to obtain the temporary code from the redirect URL, so we will have to use our callbacks to obtain that temporary code. Then we have to make an additional request in order to receive the Secret and API key.
Here are the steps of the authentication:
- The third-party application builds the authorization link and redirects to the SHEIN account unified login authentication page.
- The seller/supplier completes the main account login authentication and confirms the authorization.
- After the authorization is completed, SHEIN redirects to the redirect address maintained by the third-party application and returns the temporary key to the third-party application.
- The third-party application exchanges the temporary key for long-term keys.
- The third-party application signs its interface calls with a signature generated from the long-term keys.
End points:
Production | https://openapi.sheincorp.com |
---|---|
Sandbox | https://openapi-test01.sheincorp.cn |
Authorization link structure:
https://openapi-sem.sheincorp.com/#/empower?appid=F9D87342D803BA78E1EE49997162&redirectUrl=aHR0cHM6Ly93d3cuYmFpZHUuY29t&state=AUTH-SHEIN-1624700000000
Field | Required? | Description | Use |
---|---|---|---|
appid | Required | Developer application id | Authorize applications to specific developers |
redirectUrl | Required | Redirect address, BASE64 encoded | Address of the third-party application to redirect back to, with parameters; BASE64 encoded |
state | Required | Developer-defined value | Returned as is after the redirect; used to identify which authorization the return belongs to. |
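The link structure above as an added Node.js example (not code from Shein or from the Hemi code base): it builds the authorization link and issues a `state` value that the callback handler can check before accepting the temporary code. The helper names, the `stateKey` secret and the HMAC-tagged state format are assumptions of this example; Shein only requires that `state` is a developer-defined value.

```javascript
const crypto = require("crypto");

// Authorization page taken from the link structure above.
const AUTH_PAGE = "https://openapi-sem.sheincorp.com/#/empower";

// Hypothetical state format: "<sheinCountryCode>.<nonce>.<tag>". The tag is an
// HMAC over the first two parts under a key only Hemi knows (stateKey is assumed).
function newState(sheinCountryCode, stateKey) {
  const nonce = crypto.randomBytes(16).toString("hex");
  const body = `${sheinCountryCode}.${nonce}`;
  const tag = crypto.createHmac("sha256", stateKey).update(body).digest("hex");
  return `${body}.${tag}`;
}

// Returns the Shein country code if this state was issued by us, otherwise null.
// Storing the nonce until first use would additionally make the state single-use.
function verifyState(state, stateKey) {
  const parts = String(state).split(".");
  if (parts.length !== 3) return null;
  const [country, nonce, tag] = parts;
  const expected = crypto.createHmac("sha256", stateKey)
    .update(`${country}.${nonce}`).digest("hex");
  const a = Buffer.from(tag, "utf8");
  const b = Buffer.from(expected, "utf8");
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (a.length !== b.length || !crypto.timingSafeEqual(a, b)) return null;
  return country;
}

// appid, redirectUrl (Base64 of the callback address) and state, as in the table.
function buildAuthLink(appId, redirectUrl, state) {
  const query = new URLSearchParams({
    appid: appId,
    redirectUrl: Buffer.from(redirectUrl, "utf8").toString("base64"),
    state,
  });
  return `${AUTH_PAGE}?${query.toString()}`;
}
```

The callback handler calls `verifyState` on the returned `state` and only then exchanges the temporary code, which also tells it which Shein territory account the keys belong to.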
Credentials:
Production | |
---|---|
APP_ID | 116F3B227480397C4365326F467CD |
APP_Secretkey | EB1F5B5D77FE482CAD095018D46E67B6 |
Sandbox | |
---|---|
APP_ID | F510417C664448D386E87D47665213D6 |
APP_Secretkey | 1743FEBC5E314E92A63C112EFDF600A3 |
Signature:
Signature can be generated using the following JS within the request code:
// Postman pre-request script: builds the request signature and stores it in globals.
pm.globals.set("url_path", "/open-api/order/order-list");
pm.globals.set("x-lt-openKeyId", "F510417C664448D386E87D47665213D6");
pm.globals.set("secretKey", "1743FEBC5E314E92A63C112EFDF600A3");
pm.globals.set("randomKey", "test0");
pm.globals.set("x-lt-timestamp", (new Date()).getTime().toString());
// The HMAC key is the secret key followed by the random key.
var key = pm.globals.get("secretKey") + pm.globals.get("randomKey");
// The signed value is openKeyId & timestamp & URL path.
var value = pm.globals.get("x-lt-openKeyId") + "&" + pm.globals.get("x-lt-timestamp") + "&" + pm.globals.get("url_path");
// Hex HMAC-SHA256 digest, then Base64 of that hex text, prefixed with the random key.
var midSignature = (CryptoJS.HmacSHA256(value,key)).toString();
var midUtf8 = CryptoJS.enc.Utf8.parse(midSignature);
var signature = pm.globals.get("randomKey") + CryptoJS.enc.Base64.stringify(midUtf8);
pm.globals.set("signature", signature);
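The same signature steps outside Postman, as an added Node.js example using the built-in `crypto` module (not Shein's or Hemi's own code). It generates a fresh random key per request and reads the stored keys from the environment; the function names, the environment variable names and the 5-character random key length (taken from the sample value `test0`) are assumptions.

```javascript
const crypto = require("crypto");

// Five random alphanumeric characters, matching the length of the sample "test0"
// (assumption: the API accepts any 5-character value here).
function newRandomKey() {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  let out = "";
  for (let i = 0; i < 5; i++) out += alphabet[crypto.randomInt(alphabet.length)];
  return out;
}

// Same steps as the Postman script: HMAC-SHA256 over "openKeyId&timestamp&path",
// keyed with secretKey + randomKey; hex digest; Base64 of the hex text; randomKey prefix.
function signRequest({ openKeyId, secretKey, urlPath, timestamp, randomKey }) {
  const value = `${openKeyId}&${timestamp}&${urlPath}`;
  const hex = crypto.createHmac("sha256", secretKey + randomKey)
    .update(value, "utf8").digest("hex");
  return randomKey + Buffer.from(hex, "utf8").toString("base64");
}

// Values for one request, named like the globals in the Postman script.
function signedFields(creds, urlPath, now = Date.now()) {
  const timestamp = String(now);
  const randomKey = newRandomKey();
  return {
    "x-lt-openKeyId": creds.openKeyId,
    "x-lt-timestamp": timestamp,
    signature: signRequest({ ...creds, urlPath, timestamp, randomKey }),
  };
}

// Long-term keys come from configuration, not from source code
// (SHEIN_OPEN_KEY_ID and SHEIN_SECRET_KEY are assumed variable names).
function credsFromEnv(env = process.env) {
  const { SHEIN_OPEN_KEY_ID: openKeyId, SHEIN_SECRET_KEY: secretKey } = env;
  if (!openKeyId || !secretKey) throw new Error("Shein credentials are not configured");
  return { openKeyId, secretKey };
}
```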
Exchange Temporary code
API Call: POST /open-api/auth/get-by-token
API Docs: https://open.sheincorp.com/documents/system/2EB1F5B5D77FE482CAD095018D46E67B6169474d-1d4a-41a9-b9fd-427f63f54a63
Body:
{
"tempToken": {{the temporary code from the redirect URL}}
}
Sample request:
POST https://openapi.sheincorp.com/open-api/auth/get-by-token
Body:
{
"tempToken": "de723b1c-210b-4ecc-8da4-5f1da6ea0a9b"
}
Sample response: 200 OK
{
"code":"0",
"msg":"success",
"info":{
"secretKey":"1743FEBC5E314E92A63C112EFDF600A3",
"openKeyId":"AA52A169C0BD409D96B7D24BE5315477",
"appid":"104C19B96F8009DFA721F38186337",
"state":""
}
}
Mapping:
Shein Field | Hemi Field | Comment |
---|---|---|
code | N/A | |
msg | N/A | |
info | | |
secretKey | Needs to be stored within the system for future requests. Does not expire until we generate a new one | |
openKeyId | Needs to be stored within the system for future requests. Does not expire until we generate a new one | |
appid | N/A | |
state | N/A | |
If for some reason the authentication returns an error, we want to see the error in the terminal.
Limits:
Request | Limit |
---|---|
Get Order List | 20 requests per second |
Get Order Details | 50 requests per second |
Get Order Address | 50 requests per second |
Ship Orders | |
Stock Update | Up to 100 skus in a payload |