When making requests to CoinbarPay's API, include the SERVICE_CLIENT_ID and a SIGNATURE_TOKEN generated by your SERVICE_SECRET_KEY in the header of your HTTP requests to authenticate.
This ensures that only authorized users can access and interact with your CoinbarPay data.
Signature Token
A signature token is a secure way to hash and authenticate requests using a secret key and the serialized body of a request.
By using an HMAC (Hash-based Message Authentication Code), it is possible to create a tamper-proof token that can ensure the API call is made from an authorized source.
Take a look at the following example for Node.js that shows how to create an HMAC signature token:
const crypto = require('crypto');
// Example Request for Payment Request creation
const requestBody = {
//Request JSON Object or serialized query string...
};
const secretKey = 'your_secret_key';
// Function to create HMAC signature token
function createSignatureToken(requestBody, secretKey) {
const serializedRequestBody = JSON.stringify(requestBody);
const signatureToken = crypto
.createHmac('sha256', secretKey)
.update(serializedRequestBody)
.digest('hex');
return signatureToken;
}
//SIGNATURE_TOKEN to use as HTTP Header
const SIGNATURE_TOKEN = createSignatureToken(requestBody, secretKey);
Warning
When calling the CoinbarPay API, be sure to include the generated SIGNATURE_TOKEN and SERVICE_CLIENT_ID in the request headers, so the system can validate the authenticity and integrity of the request.
