βΊοΈAuthentication
When making requests to CoinbarPay's API, include the SERVICE_CLIENT_ID and a SIGNATURE_TOKEN generated by your SERVICE_SECRET_KEY in the header of your HTTP requests to authenticate.
Signature Token
A signature token is a secure way to hash and authenticate requests using a secret key and the serialized body of a request.
By using an HMAC (Hash-based Message Authentication Code), it is possible to create a tamper-proof token that can ensure the API call is made from an authorized source.
Take a look at the following example for Node.js that shows how to create an HMAC signature token:
const crypto = require('crypto');
// Example Request for Payment Request creation
const requestBody = {
//Request JSON Object or serialized query string...
};
const secretKey = 'your_secret_key';
// Function to create HMAC signature token
function createSignatureToken(requestBody, secretKey) {
const serializedRequestBody = JSON.stringify(requestBody);
const signatureToken = crypto
.createHmac('sha256', secretKey)
.update(serializedRequestBody)
.digest('hex');
return signatureToken;
}
//SIGNATURE_TOKEN to use as HTTP Header
const SIGNATURE_TOKEN = createSignatureToken(requestBody, secretKey);
Warning
When calling the CoinbarPay API, be sure to include the generated SIGNATURE_TOKEN and SERVICE_CLIENT_ID in the request headers, so the system can validate the authenticity and integrity of the request.
const axios = require("axios");
const SERVICE_CLIENT_ID = "your_SERVICE_AUTH_KEY_here";
const requestBody = {
//Payment JSON Object...
};
const signature_token = createSignatureToken(requestBody, secretKey);
axios.post("https://{{SANDBOX_ENV.BASE_URL}}/{{SANDBOX_ENV.PATH_PAYMENT_EXAMPLE}}",
requestBody,
{
headers: {
"CBPAY-API-KEY": `${SERVICE_CLIENT_ID}`
"SIGNATURE" : `${signature_token}`
},
})
.then(response => {
console.log(response.data);
})
.catch(error => {
console.error(error);
});
Last updated