Create labels with mondial relay API

by

Summary

The issue at hand is the inability to create labels using the Mondial Relay API and SOAP with NodeJS. The error 500 is encountered, and the params.Security value is calculated incorrectly. Key takeaways include the importance of correct API parameter formatting and security signature calculation.

Root Cause

The root cause of the issue is the incorrect calculation of the Security parameter in the signin function. The security signature is calculated using the MD5 hash of the concatenated parameters and private key, but the parameter ordering and concatenation might be incorrect.

Why This Happens in Real Systems

This issue occurs in real systems due to:

  • Incorrect API documentation: The API documentation might not clearly specify the parameter ordering and formatting requirements.
  • Insufficient error handling: The system might not have adequate error handling mechanisms to detect and report incorrect security signature calculations.
  • Inconsistent parameter formatting: The parameters might be formatted inconsistently, leading to incorrect security signature calculations.

Real-World Impact

The real-world impact of this issue includes:

  • Failed label creation: The inability to create labels using the Mondial Relay API, resulting in delayed or failed shipments.
  • Increased support requests: Customers may experience issues with their shipments, leading to increased support requests and potential reputational damage.
  • Lost revenue: The inability to create labels and ship products efficiently can result in lost revenue and decreased customer satisfaction.

Example or Code

function signin(params, privateKey) {
  const orderedKeys = [
    'Enseigne',
    'ModeCol',
    'ModeLiv',
    'NDossier',
    'NClient',
    'Poids',
    'Expe_Langage',
    'Expe_Ad1',
    'Expe_Ad2',
    'Expe_CP',
    'Expe_Ville',
    'Expe_Pays',
    'Dest_Langage',
    'Dest_Ad1',
    'Dest_Ad2',
    'Dest_Ad3',
    'Dest_CP',
    'Dest_Ville',
    'Dest_Pays',
    'Dest_Tel1',
    'Dest_Mail',
    'NbColis',
    'CRT_Valeur'
  ];
  let concat = '';
  for (const key of orderedKeys) {
    concat += params[key] ?? '';
  }
  concat += privateKey;
  return crypto
    .createHash('md5')
    .update(concat)
    .digest('hex')
    .toUpperCase();
}

How Senior Engineers Fix It

Senior engineers fix this issue by:

  • Verifying API documentation: Ensuring that the API documentation is accurate and up-to-date.
  • Implementing robust error handling: Adding error handling mechanisms to detect and report incorrect security signature calculations.
  • Consistent parameter formatting: Ensuring that parameters are formatted consistently to prevent incorrect security signature calculations.
  • Testing and validation: Thoroughly testing and validating the security signature calculation to ensure its correctness.

Why Juniors Miss It

Junior engineers might miss this issue due to:

  • Lack of experience: Inadequate experience with API integrations and security signature calculations.
  • Insufficient knowledge: Limited knowledge of the API documentation and parameter formatting requirements.
  • Inadequate testing: Inadequate testing and validation of the security signature calculation.
  • Overlooking details: Overlooking critical details, such as parameter ordering and concatenation, when calculating the security signature.