Payox

Signature

We require a sign value under the header section of every request you send us. This value uses the HMAC function with the sha256 algorithm, using your API Secret value according to your request.

Ready-to-use code examples

You need to stringify the request parameters (body, query string etc.) you add while creating the signature without breaking the request order.


Example 1: So, for example, you will send a request to the Available Banks service; This endpoint uses the GET method. Since you do not send a parameter (query string) to this service, you can use an empty string value to create a signature.

Example 2: So, for example, you will send a request to the Create Deposit or Create Withdraw service; This endpoint uses the POST method. In this service, you need to send us certain parameters in the body. You need to stringify by placing these parameters side by side. A result like the following will appear.

Form Body to Send

bankId:5fb103ee40c69600183ec990
amount:100
userId:123456789
name:Test User
userName:testUserName
processId:1122334455

Expected stringify result

bankId=5fb103ee40c69600183ec990&amount=100&userId=123456789&name=Test+User&userName=testUserName&processId=1122334455

Then, you will create a signature of the created stringify result with the HMAC function using the sha256 algorithm. You can review the sample codes below.

Create Signature

const apiSecret = "e59de9db1246eef0423a8c9045bdc5c9ea5729695cf792d065cac10373add831" //Replace it with your own API Secret.
const requestData = {
    bankId: "507f1f77bcf86cd799439011",
    amount: "500",
    userId: "987654",
    name: "Test User",
    userName: "testUserName",
    processId: "123456789"
};

const encodedRequest = new URLSearchParams(requestData).toString();
const sign = crypto.createHmac("sha256", apiSecret).update(encodedRequest).digest().toString("base64");

console.log(sign); // E2ftNgJbcRAEZfWA9Lb8SbhsB7fBS8UJZMVOwRMslr4=

Use in requests

You need to create a signature for each request. Place the sign parameter with the value you created and the apiKey parameter with your API Key value under the header.

Was this page helpful?