Authentication
Request
Every request should contain the Api-key
and Signature
headers and must pass parameters in JSON format:
Example of API Request
POST /v2/balances HTTP/1.1
Content-Type: application/json
Accept: application/json; charset=utf-8
Api-key: {publicApiKey}
Signature: {signature}
{} /* request body, an empty object for requests without arguments */
{publicApiKey}
- your API public key{signature}
- a digital signature that created using the HMAC method based on the sha256 algorithm with your API secret key and the json body of the request
Example of creating a digital signature, PHP
/** @var array $data */
$jsonData = json_encode($data);
$signature = hash_hmac("sha256", $jsonData, $secretKey, false);
$secretKey
- your API secret key
Response
The API response also contains a Signature
header with a digital signature for verification. It's also created using the HMAC method based on the sha256 algorithm with your API secret key and the json body of the response.
Example of API Response
HTTP/1.1 200 OK
Content-Type: application/json
Signature: {signature}
{
/* The overall status of the request execution means that the API processed the request correctly */
"status": "success",
"data": {
"usdt": {
"currency": "usdt",
"wallet_uuid": "fc630e08-c4bc-4a6f-ab1b-0c668a093426",
"amount": "38021.77",
"overdraft": "50",
"updated_at": "1970-01-01 12:40:11",
"currency_precision": 2
},
...
}
}
Example of verifying the digital signature of the received response, PHP
/** @var \Psr\Http\Message\ResponseInterface $response */
if(
$response->getHeaderLine('Signature') === hash_hmac(
'sha256',
$response->getBody()->getContents(),
$secretKey
)
)
{
// You can trust
}
warning
In case of an error when executing a request from a merchant, the service returns http code 400
, a code and a description of the error. See Error codes for details