# Authentication

When making requests to CoinbarPay's API, include the <mark style="color:purple;">SERVICE\_CLIENT\_ID</mark>  and a SIGNATURE\_TOKEN generated by your <mark style="color:orange;">SERVICE\_SECRET\_KEY</mark> in the header of your HTTP requests to authenticate.&#x20;

{% hint style="info" %}
This ensures that only authorized users can access and interact with your CoinbarPay data.
{% endhint %}

## Signature Token

A signature token is a secure way to hash and authenticate requests using a secret key and the serialized body of a request.&#x20;

By using an HMAC (Hash-based Message Authentication Code), it is possible to create a tamper-proof token that can ensure the API call is made from an authorized source.

Take a look at the following example for Node.js that shows how to create an HMAC signature token:

```javascript
const crypto = require('crypto');

// Example Request for Payment Request creation
const requestBody = {
  //Request JSON Object or serialized query string...
};

const secretKey = 'your_secret_key';

// Function to create HMAC signature token
function createSignatureToken(requestBody, secretKey) {
  const serializedRequestBody = JSON.stringify(requestBody);

  const signatureToken = crypto
    .createHmac('sha256', secretKey)
    .update(serializedRequestBody)
    .digest('hex');

  return signatureToken;
}

//SIGNATURE_TOKEN to use as HTTP Header
const SIGNATURE_TOKEN = createSignatureToken(requestBody, secretKey);
```

{% hint style="warning" %}

#### <mark style="color:orange;">Warning</mark>

When calling the CoinbarPay API, be sure to include the generated SIGNATURE\_TOKEN and <mark style="color:purple;">SERVICE\_CLIENT\_ID</mark> in the request headers, so the system can validate the authenticity and integrity of the request.
{% endhint %}

```javascript
const axios = require("axios");

const SERVICE_CLIENT_ID = "your_SERVICE_AUTH_KEY_here";

const requestBody = {
  //Payment JSON Object...
};
const signature_token = createSignatureToken(requestBody, secretKey);

axios.post("https://{{SANDBOX_ENV.BASE_URL}}/{{SANDBOX_ENV.PATH_PAYMENT_EXAMPLE}}", 
  requestBody,
  {
    headers: {
      "CBPAY-API-KEY": `${SERVICE_CLIENT_ID}`
      "SIGNATURE" : `${signature_token}`
  },
})
.then(response => {
  console.log(response.data);
})
.catch(error => {
  console.error(error);
});
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.coinbar.io/api-web-integration/api-documentation/authentication.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.