Signature

The Signature is the RFC 2104 HMAC-SHA512 of selected elements from the request, and so the Signature part of the HMAC header will vary from request to request.

Encoded string of JSON-serialized parameters

Remove empty strings before hashing.

Here is a piece of pseudo-code that demonstrates the HMAC header construction

// Assuming you have this secret key
Api_Secret = "123456"

StringToSign = {"merchant_id": "UuOLMTDbSII57Dfua"}

Signature =  HMAC-SHA512( Api.secret, UTF-8-Encoding-Of( StringToSign ) ) ;

Authorization = Signature;

So this should look like the Authorization header below:

curl -X POST \
  https://kriptopay.com/api/merchant/invoices \
  -H 'Authorization: Token 8406c24e1bb3994a0fd6f3e7e7b2d63c5f0feb85194c07f88e4ffa95a5cb4e07' \
  -H 'HMAC: f4fe0ae0bf580e87809320f276a6e601f88b152e7991851c03519350cb05ed9968701b6b177c602395d5bca7ca2a623992f899b9fb7736995eeea32dca37cc5e' \
  -H 'Content-Type: application/json' \
  -d '{"merchant_id":"le7o1Lckqq"}'

PreviousHow it works NextCode samples

Last updated 1 year ago