SettingsUrlHelp

My apps

Help & Docs
Settings page
Pricing page
Credits API
Events

App settings page

How to impelement

The canvas sizes of app settings page are:
width: 1168px.
height: 800px;
We reommended to develop a responsive canvas page to support all screen resolutions.

Signed request parameter

When user click on your app from our app market, we send to your settings URL an encrypted signed_request parameter via HttpGet.
for example: http://www.yourdomain.com/appsettings?signed_request=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
To decrypt this signed_request you need to use MD5 Hash algorithm.
The vector(key) to decrypt this MD5 hash is your app token(You'll recieve your app token when you create an app).

example is C#:

public static string Decrypt(string app_token, string signed_request)
        {
            byte[] keyArray;
            //get the byte code of the string

            byte[] toEncryptArray = Convert.FromBase64String(signed_request);

            // app token
            string key = app_token;

            //if hashing was used get the hash code with regards to your key
            MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
            keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
            //release any resource held by the MD5CryptoServiceProvider

            hashmd5.Clear();

            TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
            //set the secret key for the tripleDES algorithm
            tdes.Key = keyArray;
            //mode of operation. there are other 4 modes. 
            //We choose ECB(Electronic code Book)

            tdes.Mode = CipherMode.ECB;
            //padding mode(if any extra byte added)
            tdes.Padding = PaddingMode.PKCS7;

            ICryptoTransform cTransform = tdes.CreateDecryptor();
            byte[] resultArray = cTransform.TransformFinalBlock(
                                 toEncryptArray, 0, toEncryptArray.Length);
            //Release resources held by TripleDes Encryptor                
            tdes.Clear();
            //return the Clear decrypted TEXT
            return UTF8Encoding.UTF8.GetString(resultArray);
        }

Use API to access objects(account orders,products,stores...)

When signed_request parameter is decrypted you'll recieve JSON string with the account token to start invoking API.
example for decrypted signed_request:

{app:8,account_token:"XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==",device:"desktop",date:"635434038010761498", perms:"info,orders,customers,products,store_users"}

The account token from the example above is:
XX-JB0Vj61dbBm01JspOaXXXC2j3QhnGUYVz9EBqNO5ToJetsxd1fuSwqkELMXXXekx3-iAXXXzhLop8kO6w==
With this account token you can invoke API actions.

Include CSS and Javascript links to your setting page

To get colors, backgroungs and layouts, include this CSS link on your settings page:

Javasvript link that allows you to get/set API calls and dialogs on your settings page: