API Token
Payments Platform
Authentication
Our API uses the HMAC algorithm to authenticate your requests. The idea is simple: every request (URL path + body) must be signed using your API Secret. Our server then checks that the signature is correct before processing the query.
This page is a guide to signing API requests using JavaScript. It uses the CryptoJS library to compute the HMAC-SHA256 signature that secures each request. HMAC-SHA256 authenticates the request and protects its integrity; it does not encrypt the payload.
Important Notes❗:
- The API request payload and the signature payload must be in the same order. A payload sent in a different order from the one that was signed will not verify.
- URLPath: use the last segment of the URL. For example, for https://example.com/api/user/s2s/create_transaction use only "/create_transaction".
- Don't send files or pictures in the body params. HMAC authentication doesn't support files in the payload due to its reliance on hashing, which only works with text or binary data.
Header Params 🧩:
All private REST requests must contain the following headers:
X-Api-Key: A string representing your API key.
X-Api-Signature: A Base64-encoded signature. Refer to the "Encryption & Signing" section for details.
1. Encryption and Signing Function 🔐:
This function takes four parameters:
urlPath: The final segment of the API endpoint URL.
body: The request payload (optional).
apiKey: Your unique API key used for authentication.
saltKey: The salt key used for generating the request signature.
It returns a string representing the generated signature for the API request.
You can use this function to sign your API requests before sending them to ensure their authenticity and integrity.
To get started with the JavaScript implementation, ensure that CryptoJS is installed in your project; you can install it via npm. Below is the curl command that you can use to generate a signature for your API request:
curl -X POST https://PayInfinity-api.s2s.rare-able.com/api/auth/generate-signature \
  -H "Content-Type: application/json" \
  -d '{
    "apiKey": "your-api-key",
    "saltKey": "your-salt-key",
    "urlPath": "url-path-for-generating-signature",
    "data": {
      "key": "body-of-the-request-to-generate-signature"
    }
  }'
Response
{
  "success": true,
  "data": {
    "signature": "f3639877608f74900f4b6ed0af46b08b0e4133060accd3f87dce8c72d0c7c5d1"
  },
  "message": "Signature generated",
  "code": 200
}
In this example:
headers: Object containing the API headers.
'X-Api-Key': Your unique API key used for authenticating requests.
'X-Api-Signature': A Base64-encoded signature generated using the request body and your secret keys. Used to verify the integrity and authenticity of the request.
fetch: Uses the Fetch API to send an HTTP request.
method: 'POST': Defines the HTTP method as POST.
headers: An object containing request headers, including the API key and signature.
body: The request payload, serialized as a JSON string using JSON.stringify(body).
Ensure that you replace apiEndpoint with the actual URL of your API endpoint.
This code snippet demonstrates how to send an authenticated API request using the Fetch API in JavaScript.
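The following is an added example, not code from this page or from the platform: it signs a request locally with Node's built-in crypto module in place of CryptoJS, so the salt key never leaves your environment, and shows the matching server-side check. The message layout (last URL segment followed by the JSON-serialized body), the Base64 output, and all function names and sample values are assumptions; confirm the exact format with the platform.

```javascript
// Added example; Node's built-in crypto stands in for CryptoJS.
const crypto = require("crypto");

// Per the URLPath note above: keep only the last segment, e.g. "/create_transaction".
function lastSegment(url) {
  const path = new URL(url).pathname.replace(/\/+$/, "");
  return path.slice(path.lastIndexOf("/"));
}

// Assumption: message = urlPath + JSON body, keyed with the salt key, Base64 output.
function signRequest(urlPath, body, saltKey) {
  const message = urlPath + (body === undefined ? "" : JSON.stringify(body));
  return crypto.createHmac("sha256", saltKey).update(message, "utf8").digest("base64");
}

// Headers required on every private REST request.
function buildHeaders(url, body, apiKey, saltKey) {
  return {
    "Content-Type": "application/json",
    "X-Api-Key": apiKey,
    "X-Api-Signature": signRequest(lastSegment(url), body, saltKey),
  };
}

// Server-side check: recompute the HMAC over the raw body exactly as received
// and compare in constant time. A length mismatch is rejected before comparing.
function verifyRequest(urlPath, rawBody, signature, saltKey) {
  const expected = crypto.createHmac("sha256", saltKey)
    .update(urlPath + rawBody, "utf8").digest();
  const given = Buffer.from(signature, "base64");
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}

// Constructed sample values (not real credentials).
const SAMPLE_URL = "https://example.com/api/user/s2s/create_transaction";
const SALT = "constructed-salt-key";
const body = { amount: "100.00", currency: "USD" };
const reordered = { currency: "USD", amount: "100.00" }; // same fields, new order
const headers = buildHeaders(SAMPLE_URL, body, "constructed-api-key", SALT);
const sig = headers["X-Api-Signature"];

console.log("signed body verifies:",
  verifyRequest("/create_transaction", JSON.stringify(body), sig, SALT));
console.log("reordered body verifies:",
  verifyRequest("/create_transaction", JSON.stringify(reordered), sig, SALT));
```

The reordered body fails verification even though it carries the same fields, which is why the payload you send must be serialized exactly as it was signed.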