Authentication and Signature Calculation
Authentication
To authenticate you, our withdrawal API uses API Keys in all requests. API Keys can be obtained from Settings -> API -> Withdrawals.
There are 3 credentials you will need:
Your user: Key
Your password: API Passphrase
Your secret key to generate the signature: API Signature
PUT IMAGE
Authentication to the API is done using HTTP Basic Auth. The API Keys must be in all requests such as the username and password.
Your username and password are sent as API KEY and API Passphrase respectively in the body of the request.
API keys, like whitelisted IPs, are ways to authenticate yourself, therefore, please do not share credentials in any public setting.
Headers
All requests sent through Cashouts API must have the following headers.
Header
Format
Mandatory
Description
Payload-Signature
String
Yes
HMAC256 of the whole JSON Payload using your API Signature
Content-Type
String
Yes
application/json
User-Agent
String
Yes
Server client user agent
Calculating the Signature
All calls to our Cashouts APIs must contain a Payload-Signature
field on the header used to ensure request integrity and to authenticate yourself since you will use your own API Signature (secret key) to generate and encrypt a hash.
It has to be created using HMAC-SHA-256 (RFC 2104) encoding and the payload is made of the entire JSON Payload sent in the body of the requests and notifications.
Use your API Signature to create the HASH
The Payload-Signature
field on the header of the requests will contain the hash generated from hashing the entire JSON Payload:
Payload-Signature: HMAC256(jsonPayload)
Example:
Payload-Signature: 223a9dd4784726f1536c926da7dc69155a57612c5c3c1e1b429c367a5eee67cf
Examples
Check the examples below on how to calculate the Payload-Signature
.
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.net.util.Base64;
String json_payload = "{ \"login\": \"cashout_API_Key\", \"pass\": \"cashout_API_Passphrase\", \"external_id\": \"123456789\", \"document_id\": \"1234567899\", \"document_type\": \"\", \"cashout_type\": \"BANK\", \"beneficiary_name\": \"Test User\", \"beneficiary_lastname\": \"Test User\", \"country\": \"MX\", \"amount\": 2000, \"currency\": \"MXN\", \"email\": \"[email protected]\", \"notification_url\": \"http:\\/\\/tupaypagos.com\\/notification\", \"bank_code\": \"072\",\"bank_branch\": \"\", \"bank_account\": \"1234567890\", \"account_type\": \"C\", \"address\": \"\"}";
String secretKey = "cashout_secret_key";
Mac hasher = Mac.getInstance("HmacSHA256");
hasher.init(new SecretKeySpec(secretKey.getBytes(), "HmacSHA256"));
String payload_signature = Base64.encodeBase64String(hasher.doFina
Última actualización
¿Te fue útil?