HemiKnowledge BaseHemiIntegrations
Table of Contents
Related Articles
Knowledge Base
Hemi System Administration Integrations Hemi PRD Library Hemi Content Stream General Information Custom additions Core Integrations & Marketplace Documentation Hemi Advanced Functionalities Data Management MP Tokens generation Hemi Technology Trainings Hemi Platform Integrations Release Notes
FAQs

Marketplaces / Temu Technical Scope / Temu Authorization

Temu Authorization

Version Date Created / Updated Notes
v1.0 30.01.2024 Bogomil First publish

The purpose of this document is to give good understanding of how Temu Authorization works.

Documentation URL - https://partner.temu.com/documentation?menu_code=38e79b35d2cb463d85619c1c786dd303&sub_menu_code=d221eb4428114e46b91f0e99277891ec

There are three endpoints one for EU, US and Mexico and Japan based on the Channel > Country we have to decide which endpoint to use

EU - [https://openapi-b-eu.temu.com/openapi/router](https://openapi-b-eu.temu.com/openapi/router) US - [https://openapi-b-us.temu.com/openapi/router](https://openapi-b-eu.temu.com/openapi/router) Mexico/Japan - [https://openapi-b-global.temu.com/openapi/router](https://openapi-b-global.temu.com/openapi/router)

We want to use the US endpoint only when we have Channel > Country = United States and when we have Channel > Country = Mexico or Japan to use the global URL and in all other cases we want to use the EU endpoint.

‼ Please note that the above is true for all calls. In each call we will give the endpoint with an example host but we need to use the correct domain pointer based on the Channel > Country value

Temu Authorization goes through application which means Hemi will have an application in their seller central which sellers can authorize and use.

We want to use integration and integration credentials structure to store the application keys:

  • app_key
  • app_secret

These keys will always be the same for us and the only different key will be the access_token

In order to obtain the access token the seller will have to authorize our app in their seller central and after completing the authorization, a code is sent to the app's pre-configured redirect_url. The app's front end retrieves the code and passes it to the back end, which then uses the code to generate an access_token. Each territory will have separate access token so this is the way we will distinguish the Temu Sites

This is something new for use because we are not generating any links and I am not sure how we will know to which instance/channel we will send the code?

The access_token has 3 months of expiration so once it expire we will have to…

More details to be added here how the callbacks, expiration date and generation of access token using the code!

There is also a so called Self-developed application which the seller simply creates an app and authorize it which will generate all the required keys and access_token for the connection. This can be used as workaround and quick win.

The actual authorization require a signature which we have to generate and encrypt using MD5 encryption.

This is the current script which we have build and use for the scoping in order to connect to the test account 

// Pre-request Script for Temu Seller API

// Get current timestamp in seconds
const timestamp = Math.floor(Date.now() / 1000);

// Retrieve required variables from environment or collection variables
const app_key = 'f860e759073f9d1e5c8bbeb7baac1dbf';
const app_secret = '121eac72693c6e587f7e15ce4721b42da5df2def';
const access_token = 'epla5wjmugeksf1w4how6ty4o9dcubbfnksqpl4vivoh78xdjl9tzlui2uo';

// Retrieve the body of the request (assuming the body is set and contains JSON)
const body = pm.request.body.raw; // Getting the body of the request
const parsedBody = JSON.parse(body); // Parsing the JSON

// Extract businessParams from the parsed body
const businessParams = parsedBody.businessParams; // Accessing the businessParams from the parsed request body

// Define public parameters
const publicParams = {
    "type": "bg.local.goods.priceorder.change.sku.price",
    "timestamp": timestamp,
    "app_key": app_key,
    "data_type": "JSON",
    "access_token": access_token,

       "skuList": [
                   {
         "listPriceType":"0",
        "listPrice": [
            {

                        "amount": "11",
                        "currency": "EUR"

            }],
            "goodsId":"604317113239437",
            "skuId":"62897648567566"
         } ]
};

// Combine and sort all parameters in ASCII order
const allParams = { ...publicParams, ...businessParams };
const sortedKeys = Object.keys(allParams).sort();

// Concatenate parameters as "keyvalue" pairs
let preSignString = '';
sortedKeys.forEach(key => {
    const value = typeof allParams[key] === 'object'
        ? JSON.stringify(allParams[key]) // Serialize objects and arrays
        : allParams[key];
    preSignString += `${key}${value}`;
});

// Add app_secret to the beginning and end of the string
preSignString = `${app_secret}${preSignString}${app_secret}`;

// Generate the MD5 hash for the signature
const crypto = require('crypto-js');
const signature = crypto.MD5(preSignString).toString(crypto.enc.Hex).toUpperCase();

// Add signature to public parameters
publicParams.sign = signature;

// Combine public and business parameters
const finalPayload = { ...publicParams, ...businessParams };

// Set the request body in JSON format
pm.request.body.update(JSON.stringify(finalPayload));

I strongly suggest this to be reviewed and build as per our standards and requirements.

Official documentation available here -

1-Temu Seller Developer Guide.pdf

Test Credentials:

app_key = 'f860e759073f9d1e5c8bbeb7baac1dbf';
app_secret = '121eac72693c6e587f7e15ce4721b42da5df2def';
access_token = 'epla5wjmugeksf1w4how6ty4o9dcubbfnksqpl4vivoh78xdjl9tzlui2uo';

Test Seller Account: https://seller-eu.temu.com/login.html?from=https%3A%2F%2Fseller-eu.temu.com%2F

Username - pddxjh@gmail.com

Password - 123456a@b

Documentation Logins: Username - 19120551848@163.com

Password - abc123..

More Test Credentials available here - https://partner.temu.com/documentation?menu_code=38e79b35d2cb463d85619c1c786dd303&sub_menu_code=81277d4345ea417bbd7be96468cc2dae

Limits

To ensure the stable operation of the open platform, we have implemented rate limiting for API requests.Typically, the initial rate limit for each app_key is set to 20 requests per second (qps).

Which mean if we have 30 clients selling on Temu we need to be careful with the timing and make sure not all requests starts at the same time!

Two Types of authorization to check if it is based on the app setup

‼ Please note: for the purpose of starting we will begin with only obtaining the toke via manual authorisation. For which case we should have a field in Hemi (Account Temu > Access Token) that SHOULD NOT be visible and accessible in the UI. Once we figure out the redirect we can implement either both or only Callback method

Is this article helpful?
0 0 0