#!/bin/bash # Miravia API Endpoint Testing Script # Tests various endpoints to validate authentication and structure # Your credentials APP_KEY="511420" APP_SECRET="hOzF4xsW6sBvPQPMSVTWyzYmyjg1gsiL" ACCESS_TOKEN="50000601517cxQldir9UpDdjDy8Oz1b4db215xHIevjZizVkfWDowiJw3x3dnpEp" echo "MIRAVIA API ENDPOINT TESTING" echo "============================" echo "App Key: $APP_KEY" echo "Access Token: ${ACCESS_TOKEN:0:20}..." echo "Timestamp: $(date)" echo "" # Function to generate HMAC-SHA256 signature generate_signature() { local api_name="$1" local params="$2" # Create string to be signed: api_name + sorted params local string_to_sign="$api_name$params" # Generate HMAC-SHA256 signature echo -n "$string_to_sign" | openssl dgst -sha256 -hmac "$APP_SECRET" | awk '{print toupper($2)}' } # Function to make API request test_endpoint() { local gateway="$1" local method="$2" local extra_params="$3" local description="$4" echo "========================================" echo "Testing: $method" echo "Gateway: $gateway" echo "Description: $description" echo "========================================" # Get current timestamp in milliseconds local timestamp=$(($(date +%s) * 1000)) # System parameters (sorted alphabetically for signature) local app_key_param="app_key$APP_KEY" local access_token_param="access_token$ACCESS_TOKEN" local format_param="formatjson" local method_param="method$method" local partner_param="partner_idiop-sdk-php-20220608" local sign_method_param="sign_methodsha256" local timestamp_param="timestamp$timestamp" local version_param="v1.0" # Combine all parameters for signature (alphabetically sorted) local params_for_signature="$access_token_param$app_key_param${extra_params}$format_param$method_param$partner_param$sign_method_param$timestamp_param$version_param" # Generate signature local signature=$(generate_signature "$method" "$params_for_signature") echo "Request Parameters:" echo " app_key: $APP_KEY" echo " access_token: ${ACCESS_TOKEN:0:20}..." echo " timestamp: $timestamp" echo " method: $method" echo " signature: $signature" # Make cURL request echo "" echo "Making cURL request..." local curl_data="app_key=$APP_KEY&access_token=$ACCESS_TOKEN×tamp=$timestamp&partner_id=iop-sdk-php-20220608&method=$method&v=1.0&format=json&sign_method=sha256&sign=$signature" # Add extra parameters if provided if [ ! -z "$extra_params" ]; then # Convert extra_params format for URL local url_extra_params=$(echo "$extra_params" | sed 's/\([a-zA-Z_]*\)\([^a-zA-Z_]*\)/\&\1=\2/g' | sed 's/^&//') curl_data="$curl_data$url_extra_params" fi echo "cURL Data: ${curl_data:0:100}..." echo "" # Execute cURL request local start_time=$(date +%s%3N) local response=$(curl -s -w "\nHTTP_CODE:%{http_code}\nTIME:%{time_total}" \ -X POST \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "$curl_data" \ "$gateway") local end_time=$(date +%s%3N) # Parse response local http_code=$(echo "$response" | grep "HTTP_CODE:" | cut -d: -f2) local time_total=$(echo "$response" | grep "TIME:" | cut -d: -f2) local response_body=$(echo "$response" | sed '/HTTP_CODE:/d' | sed '/TIME:/d') echo "Response Details:" echo " HTTP Code: $http_code" echo " Response Time: ${time_total}s" echo "" echo "Response Body:" # Try to format JSON if possible, otherwise show raw if echo "$response_body" | jq . >/dev/null 2>&1; then echo "$response_body" | jq . else # Show first 500 chars if not JSON echo "${response_body:0:500}" if [ ${#response_body} -gt 500 ]; then echo "...[response truncated]" fi fi echo "" echo "" # Store result for summary echo "$method|$gateway|$http_code|${time_total}s" >> /tmp/api_test_results.txt } # Clear previous results rm -f /tmp/api_test_results.txt echo "Starting comprehensive endpoint testing..." echo "" # Test Case 1: Miravia API - Product List test_endpoint "https://api.miravia.es/sync" "lazada.product.get" "limit1" "Miravia seller API - Get products" # Test Case 2: Miravia API - Seller Info test_endpoint "https://api.miravia.es/sync" "lazada.seller.get" "" "Miravia seller API - Get seller info" # Test Case 3: Miravia API - Category Tree test_endpoint "https://api.miravia.es/sync" "lazada.category.tree.get" "languageen" "Miravia seller API - Get categories" # Test Case 4: Singapore AliExpress - Seller Info test_endpoint "https://api-sg.aliexpress.com/sync" "aliexpress.seller.info.query" "" "AliExpress SG - Seller info" # Test Case 5: Singapore AliExpress - Category Attributes test_endpoint "https://api-sg.aliexpress.com/sync" "aliexpress.postproduct.redefining.getcategoryattributes" "category_id201336100" "AliExpress SG - Category attributes" # Test Case 6: European AliExpress - Seller Info test_endpoint "https://api.aliexpress.com/sync" "aliexpress.seller.info.query" "" "AliExpress EU - Seller info" # Test Case 7: Global AliExpress - Seller Info test_endpoint "https://eco.aliexpress.com/sync" "aliexpress.seller.info.query" "" "AliExpress Global - Seller info" # Test Case 8: Try Miravia without /sync test_endpoint "https://api.miravia.es" "lazada.product.get" "limit1" "Miravia API without /sync" # Test Case 9: Try different Miravia subdomain test_endpoint "https://open.miravia.es/sync" "lazada.product.get" "limit1" "Miravia Open Platform" echo "========================================" echo "TEST SUMMARY" echo "========================================" if [ -f /tmp/api_test_results.txt ]; then echo "Method Gateway Status Time" echo "------------------------------------------------------------------------" while IFS='|' read -r method gateway status time; do printf "%-40s %-20s %-8s %s\n" "$method" "$(echo $gateway | cut -d'/' -f3)" "$status" "$time" done < /tmp/api_test_results.txt else echo "No results file found" fi echo "" echo "Analysis Guide:" echo "- HTTP 200: Successful request (good authentication)" echo "- HTTP 302: Redirect (possibly wrong gateway URL)" echo "- HTTP 401: Unauthorized (token/signature issue)" echo "- HTTP 403: Forbidden (permissions issue)" echo "- HTTP 404: Not found (wrong endpoint)" echo "- HTTP 405: Method not allowed (wrong HTTP method)" echo "- HTTP 500: Server error (API issue)" echo "" echo "Look for responses with valid JSON containing 'code', 'data', or 'result' fields." # Cleanup rm -f /tmp/api_test_results.txt