When making requests to CoinbarPay's API, include the SERVICE_CLIENT_ID and a SIGNATURE_TOKEN generated by your SERVICE_SECRET_KEY in the header of your HTTP requests to authenticate.
This ensures that only authorized users can access and interact with your CoinbarPay data.
Signature Token
A signature token is a secure way to hash and authenticate requests using a secret key and the serialized body of a request.
By using an HMAC (Hash-based Message Authentication Code), it is possible to create a tamper-proof token that can ensure the API call is made from an authorized source.
Take a look at the following example for Node.js that shows how to create an HMAC signature token:
constcrypto=require('crypto');// Example Request for Payment Request creationconstrequestBody= {//Request JSON Object or serialized query string...};constsecretKey='your_secret_key';// Function to create HMAC signature tokenfunctioncreateSignatureToken(requestBody, secretKey) {constserializedRequestBody=JSON.stringify(requestBody);constsignatureToken= crypto.createHmac('sha256', secretKey).update(serializedRequestBody).digest('hex');return signatureToken;}//SIGNATURE_TOKEN to use as HTTP HeaderconstSIGNATURE_TOKEN=createSignatureToken(requestBody, secretKey);
Warning
When calling the CoinbarPay API, be sure to include the generated SIGNATURE_TOKEN and SERVICE_CLIENT_ID in the request headers, so the system can validate the authenticity and integrity of the request.
