Explore the Offer API documentation to dynamically manage seller offers, pricing, and inventory. Learn how to authenticate requests using API keys and HMAC-SHA256 signature verification.
API Reference
The Offer API is organized around REST. Our API has predictable resource-oriented URLs, accepts form-encoded request bodies, returns JSON-encoded responses, and uses standard HTTP response codes, authentication, and verbs.
The Offer API enables sellers to manage their offers dynamically. It provides a comprehensive suite of endpoints to create new offers and modify existing ones, including real-time updates to pricing, expiration dates, and inventory status.
Authentication
The Offer API uses API Keys to authenticate requests. You can request, view and manage your API keys on the API Key Management page. How to Set Up Your PlayerAuctions API key?
Signature Verification
Authentication is handled via HTTP Headers, as shown in the table below:
| Param | Type | Description |
|---|---|---|
| X-PA-API-KEY | String | The API Keys you created in the API Key Management page. |
| X-PA-TIMESTAMP | timestamp | This is to indicate the timestamp of the request, in seconds. Required for all requests. Expires in 5 minutes. Example: 1780293232 |
| X-PA-SIGN | String |
Signature generated by api_key, timestamp and request body via HMAC-SHA256 hashing algorithm. Example: af41f49beda2d580e68ab4b5877a223695a92d663f6d62179414a94ceaf62ebb Note: When using an API such as offers/bulk-upload, the request body only consists of non-file form field values, and these values are sorted in alphabetical order by key. |
Sample
var CryptoJS = require("crypto-js");
const secretKey = "pask_jDOCvy7Ot4lTJNfGV3q78VPTXjl6Ms85GmY-Bc4wMKw"; // Your API Secret Key
const apiKey = "d7cbe9de312a83c255f1c8543f469695"; // Your API Key
const timestamp = "1780293232"; // timestamp
const requestBody = "{ 'offerId': 15000 }"; // Request body
let canonicalString = apiKey + String(timestamp) + requestBody;
const signature = CryptoJS.HmacSHA256(canonicalString, secretKey);string apiKey = "d7cbe9de312a83c255f1c8543f469695";
string timestamp = "1780293232";
string requestBody = "{ \"offerId\": 15000 }";
string secretKey = "pask_jDOCvy7Ot4lTJNfGV3q78VPTXjl6Ms85GmY-Bc4wMKw";
string canonicalString = $"{apiKey}{timestamp}{requestBody}";
byte[] keyBytes = Encoding.UTF8.GetBytes(secretKey);
byte[] messageBytes = Encoding.UTF8.GetBytes(canonicalString);
using (var hmac = new HMACSHA256(keyBytes))
{
byte[] hashBytes = hmac.ComputeHash(messageBytes);
var signature = BitConverter.ToString(hashBytes).Replace("-", "").ToLower();
Console.WriteLine(signature);
}<?php
function generateSignature($apiKey, $timestamp, $requestBody, $secretKey) {
$canonicalString = $apiKey . $timestamp . $requestBody;
return hash_hmac('sha256', $canonicalString, $secretKey);
}
$secretKey = "pask_jDOCvy7Ot4lTJNfGV3q78VPTXjl6Ms85GmY-Bc4wMKw";
$apiKey = "d7cbe9de312a83c255f1c8543f469695";
$timestamp = "1780293232";
$requestBody = "{ 'offerId': 15000 }";
$signature = generateSignature($apiKey, $timestamp, $requestBody, $secretKey);
echo "Signature: " . $signature . "\n";
?>