Authentication

Request

Every request should contain the Api-key and Signature headers and must pass parameters in JSON format:

Example of API Request

POST /v2/balances HTTP/1.1
Content-Type: application/json
Accept: application/json; charset=utf-8
Api-key: {publicApiKey}
Signature: {signature}
{} /* request body, an empty object for requests without arguments */

• {publicApiKey} - your API public key
• {signature} - a digital signature that created using the HMAC method based on the sha256 algorithm with your API secret key and the json body of the request

Example of creating a digital signature, PHP

/** @var array $data */
$jsonData = json_encode($data);
$signature = hash_hmac("sha256", $jsonData, $secretKey, false);

• $secretKey - your API secret key

Response

The API response also contains a Signature header with a digital signature for verification. It's also created using the HMAC method based on the sha256 algorithm with your API secret key and the json body of the response.

Example of API Response

HTTP/1.1 200 OK
Content-Type: application/json
Signature: {signature}

{
    /* The overall status of the request execution means that the API processed the request correctly */
    "status": "success",
    "data": {
        "usdt": {
            "currency": "usdt",
            "wallet_uuid": "fc630e08-c4bc-4a6f-ab1b-0c668a093426",
            "amount": "38021.77",
            "overdraft": "50",
            "updated_at": "1970-01-01 12:40:11",
            "currency_precision": 2
        },
        ...
    }
}

Example of verifying the digital signature of the received response, PHP

/** @var \Psr\Http\Message\ResponseInterface $response */
if( 
   $response->getHeaderLine('Signature') === hash_hmac(
      'sha256', 
      $response->getBody()->getContents(), 
      $secretKey
   )
)
{
  // You can trust
}

warning

In case of an error when executing a request from a merchant, the service returns http code 400, a code and a description of the error. See Error codes for details