API v2 - Login Jquery, Ajax, Javascript

The explanation of calculating the token is kind of weird, as it seems to me as the token needs to get hashed more times as it should be.

1. 2) Calculate user token
2. User data for this example: {username: 'username@xxx.com', password: 'password'}
3. Algorithm for calculating token.
4. token = hash(nonce + hash(password))
5. Calculation steps:
6. token = hash('CCiLOjZjIGjfSBuj' + hash('password')
7. token = hash('CCiLOjZjIGjfSBuj' + '5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8')
8. token = 'ced228631af6a88595e4fb78912e5f5b5ccddae7'

Order is:

1. Hash the password
2. Chain not hashed nonce with hashed password
3. Hash the chained string
4. DONE

1. PHP Example:
3. $password = sha1($password);
4. $token = $nonce . $password;
5. $token = sha1($token);

I still don't understand how to do it

I need so that my voice assistant can take values from the sensors

How to create a link

"https://my.zipato.com:443/zipato-web/v2/attributes/XXXXXXXX-382d-4776-839a-XXXXXXXXXXXX/value/value"

Help please

The "Cross Domain Thing" is not caused by Zipato. I guess you are testing it locally.

If so use Internet Explorer to test or

If you are using Chrome on Windows try the following steps:

1. Close Chrome
2. Open "Run" (Windows + R)
3. Enter chrome.exe --disable-web-security --user-data-dir
4. open your .html file
5. DONE

If you transfer your files on a server it should work without this steps.

Thank you Mr. Krieger.

But i also tested with IE and Chrome with (chrome.exe --disable-web-security --user-data-dir) but i got same error.

Other problem, i also tested on my server (not local) but it gave same result.

I develope android application, is ok. .net application is ok but nowadays i am trying to develope frontend side with jquery I have not been successful yet.

Have you got any sample for login api (html & jquery). When i changed only username and password will it work?

Maybe I have time to code a quick and dirty solution tomorrow as I do not need it for my own needs.

If it is possible, not important code quality. I only want to check workable code.

Hi Ersen.

The following works for me, even when I still get the error: Refused to set unsafe header "Cookie"

1. var USERNAME = "xxx@xxx.xxx";
2. var PASSWORD = "xxx";

3. 
   

4. var jsessionid;

5. 
   

6. initUser();

7. 
   

8. function initUser()
9. {
10. $.ajax({
11. url: "https://my.zipato.com/zipato-web/v2/user/init";,
12. type: "GET",
13. success: function(data){
14. jsessionid = data.jsessionid;
15. login(CryptoJS.SHA1(data.nonce + CryptoJS.SHA1(PASSWORD)));
16. },
17. error: function(error){
18. console.log(error);
19. }
20. });
21. }

22. 
    

23. function login(token)
24. {
25. $.ajax({
26. beforeSend: function(request) {
27. request.setRequestHeader("Cookie", jsessionid);
28. },
29. url: "https://my.zipato.com/zipato-web/v2/user/login?token="; + token + "&username=" + USERNAME,
30. type: "GET",
31. success: function(data){
32. console.log(data);
33. },
34. error: function(error){
35. console.log(error);
36. }
37. });
38. }

I used the following libraries:

• jquery-3.2.1.min.js
• CryptoJS.js

Make sure that you are logged out before trying.

With Chrome I used:

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security

I hope it works for you as well.

But of course it is a problem that the jsessionid is set through a header cookie which is not supposed to be used with JS. I guess it will still causes problems.

EDIT: Is there a reason why you want it with JS only?

Thank you Christoph,

It is worked with "With Chrome I used:

chrome.exe --user-data-dir="C:/Chrome dev session" --disable-web-security"

I want to develope ui at frontend, but i see it is impossible now maybe in the future, because of limits.

There is no any reason, only i want to try to solve.

Thank you again.

Yes I am also a bit dissapointed as I thougt it would be easier.

However, html and php is still possible without limitations. I also player around with Angularjs and nodejs but I am not too familiar to it.