Signature Generation
Each payment creation request must include a Signature header.
The signature is used to authenticate the request and ensure data integrity.
The signature is generated using HMAC SHA256 based on specific request fields and the API secret key.
Fields Used for Signature
To generate the signature, concatenate the following fields in the exact order listed below, separated by semicolons (;):
amounttoken_addressnetworkexternal_client_idexternal_dataexternal_order_id
Important rules:
- Fields must be in the exact order
- A semicolon (
;) is required after each field, including the last one - If a field is not provided, it must be replaced with an empty string
external_datamust be used exactly as sent in the request body
Signature Base String Example
300;0xdAC17F958D2ee523a2206206994597C13D831ec7;ethereum;1;{"key":"value"};1;
Secret Key (API Key)
The resulting string must be signed using the API secret key associated with the terminal.
To obtain the API secret key:
- Log in to the merchant dashboard
- Open the store or terminal settings
- Navigate to API Keys
- Create a new API key
Important: The API secret key is displayed only once at the moment of creation. Store it securely. If the key is lost or compromised, it must be revoked and regenerated.
Signature Algorithm
- Algorithm: HMAC SHA256
- Encoding: Hexadecimal (lowercase)
- Input: Signature base string
- Key: API secret key
PHP Signature Generation Example
function hmacSignature(array $fields, array $fieldsOrder, string $apiKey): string
{
$signatureDataStr = "";
foreach ($fieldsOrder as $key) {
$signatureDataStr .= ($fields[$key] ?? "") . ";";
}
return hash_hmac('sha256', $signatureDataStr, $apiKey);
}
$signature = hmacSignature([
"amount" => 300,
"token_address" => "0xdAC17F958D2ee523a2206206994597C13D831ec7",
"network" => "ethereum",
"external_client_id" => 1,
"external_data" => json_encode(["key" => "value"]),
"external_order_id" => 1,
], ["amount", "token_address", "network", "external_client_id", "external_data", "external_order_id"], "key_secret");Python Signature Generation Example
import hmac
import hashlib
import json
def hmac_signature(fields, fields_order, api_key):
signature_data_str = ""
for key in fields_order:
value = fields.get(key, "")
signature_data_str += str(value) + ";"
return hmac.new(api_key.encode('utf-8'), signature_data_str.encode('utf-8'), hashlib.sha256).hexdigest()
fields = {
"amount": 300,
"token_address": "0xdAC17F958D2ee523a2206206994597C13D831ec7",
"token_address": "ethereum",
"external_client_id": 1,
"external_data": json.dumps({"key": "value"}, separators=(',', ':')),
"external_order_id": 1,
}
fields_order = ["amount", "token_address", "network", "external_client_id", "external_data", "external_order_id"]
api_key = "key_secret"
signature = hmac_signature(fields, fields_order, api_key)Node JS Signature Generation Example
const crypto = require('crypto');
function hmacSignature(fields, fieldsOrder, apiKey) {
let signatureDataStr = "";
fieldsOrder.forEach(key => {
signatureDataStr += (fields[key] || "") + ";";
});
return crypto.createHmac('sha256', apiKey).update(signatureDataStr).digest('hex');
}
const signature = hmacSignature({
amount: 300,
token_address: "0xdAC17F958D2ee523a2206206994597C13D831ec7",
currency_code: "ethereum",
external_client_id: 1,
external_data: JSON.stringify({ key: "value" }),
external_order_id: 1,
}, ["amount", "token_address", "network", "external_client_id", "external_data", "external_order_id"], "key_secret");