Konaplate logo

Guidelines

Open API

KONA PLATE provides an Open API for a variety of resources based on the KONA payment platform, which provides a variety of options to flexibly build an affiliate's business model.

It complies with the Personal Information & Information Security Management System (ISMS-P) and Payment Card Industry Data Security Standard (PCI DSS) security certification standards on the KONA payment platform, which maintain strong security for KONA PLATE. 

The KONA PLATE Open API also ensures the data integrity of sensitive information, such as payments and privacy, and ensures stability against external leaks through encryption.

It supports the identification of response codes by API for various types of services of affiliates, so that affiliates can quickly review the suitability of the KONA PLATE Open API.


Open API Quick Guide

  1. After signing up as a member without any special conditions, you can activate your account by authenticating the email you entered when you signed up.

  2. Log in with an active account and click [Create Project] button in [My Dashboard].
    (1) You can check the status of the member's project in [My Dashboard].
    (2) You can create a new project by clicking the [Create Project] button.

  3. Enter the information to create the project and select the API package.
    Depending on the API package selected, the project will be created immediately or with the approval of the KONA PLATE team.

  4. On the [Credentials] page of the project that has been created, add/verify the certificate and key of the encryption key.
    For API testing, download the server certificate and client certificate of the encryption key ID that you enter in the header.
    ※ You can generate up to two encryption key IDs.

  5. On the [Credentials] page of the project that has been created, add/confirm the access and secret keys of the sandbox key.
    For API testing, check/copy the access key ID and secret key ID of the sandbox key to enter in the header.
    ※ You can generate up to two sandbox key IDs.

  6. In the [Project Summary] enu, view the API request URL for which you want to request an API.
    If it is a sandbox, the API request URL is as follows:
    - - https://sandbox.konaplate.com/open-api 

  7. Check the API and API documents for the project you want to test.
    - If you use request value/response value encryption, the encryption key ID is required and is encrypted with the public key of the server certificate.
    - For more information on how to encrypt, see 
    Message Encrytion.Encrypt Of Request

  8. Adds the encryption ID of the certificate to the request header value with the X-KM-Crypto-Key-Id key name. 
    ※ If request value or response value encryption is required, an X-KM-Crypto-Key-Id must be added to the request header.

  9. For message data integrity of the request value, create an X-KM-Tran-Token and add it to the X-KM-Tran-Token.
    - What is X-KM-Tran Token ?
    : Key to verify data integrity.

  10. Refer to the Common Header Information page of the request value to add the remaining header information. 
    - What is Common Header Information ?
    : Contains meta-information describing the REST API request and request data sent to the web server of KONA PLATE.
    Header Of Request

  11. Check the response value by requesting to the server using the HTTP Client Tool.

  12. Validate the data integrity of the response value with the value of the X-KM-Tran-Token in the request header.
    - For more information, see the Message Encrytion page.

  13. If the request value is encrypted, the certificate in the X-KM-Crypto-Key-Id of the response value header is decrypted with the client private key to verify the response message.
    Encypt Message Of Response

    ※ Decryption method using Client's private key
    Response 복호화