LogoLogo
  • OKP APIs
  • Getting Started with OKP
  • API Documentation
    • Deposits API
      • Technical and Security Aspects
        • Calculating the Signature
      • Endpoints
        • Deposit Creation Endpoint
          • Notifications
        • Transactional Account Endpoint
          • Understanding the Solution
        • PCI Deposit Creation Endpoint
        • Deposit Status Endpoint
        • Payment Methods Endpoint
        • Currency Exchange Endpoint
        • Crypto Exchange Endpoint
        • Country States Codes Endpoint
        • Refund Creation Endpoint
          • Notifications
        • Refund Status Endpoint
      • Payment Methods
        • 🌎America
          • 🇧🇷Brazil
            • PIX Biometric
      • API Codes
    • Cashouts API
      • Technical and Security Aspects
        • Calculating the Payload-Signature
      • Endpoints
        • Cashout Creation Endpoint
          • Notifications
        • Cashout Status Endpoint
        • Cashout Update Status Endpoint
        • Cashout Cancellation Endpoint
        • Cashout Bank Codes
      • Countries Validations
        • American Countries
          • 🇧🇷Brazil
      • API Codes
    • Subscriptions API
      • Technical and Security Aspects
        • Calculating the Signature
      • Subscription Creation Endpoints
        • OneShot Subscription Creation
        • PCI Subscription Creation Endpoint
        • Notifications
      • Subscription Cancellation Endpoint
      • Subscription Status Endpoint
    • Quickpay
      • Endpoints
        • Deposit creation endpoint
          • Notifications
        • Deposit status endpoint
    • Bank Account Validation
      • Technical and Security Aspects
        • Calculating the Signature
      • Endpoints
        • Bank Account Validation Endpoint
          • Pix Key Validation and Details Endpoint
      • API Codes
    • KYC API
      • Technical and Security Aspects
        • Calculating the Signature
      • KYC Endpoint
      • API Codes
  • Deposits Tools
    • Cards SDK
      • With User Interface
        • 🚀Color Customization
      • Without User Interface
    • Java SDK
    • PHP SDK
  • Knowledge Base
    • Deposits with Cards SDK
      • With User Interface
      • Without User Interface
    • Countries Specifications
  • PLUGINS
    • WooCommerce
      • Installation
      • Configuration
  • Status Page
Powered by GitBook
On this page
  • Calculating the Signature
  • Notes
  • Examples
  1. API Documentation
  2. Cashouts API
  3. Technical and Security Aspects

Calculating the Payload-Signature

Learn how to correctly calculate the Signature Control String to authenticate with the V3 Cashout endpoints

Calculating the Signature

All calls to our Cashouts APIs must contain a Payload-Signature field on the header used to ensure request integrity and to authenticate yourself since you will use your own API Signature (secret key) to generate and encrypt a hash.

It has to be created using HMAC-SHA-256 (RFC 2104) encoding and the payload is made of the entire JSON Payload sent in the body of the requests and notifications.

Use your API Signature to create the HASH

The Payload-Signature field on the header of the requests will contain the hash generated from hashing the entire JSON Payload:

Payload-Signature: HMAC256(jsonPayload)

Example:

Payload-Signature: 223a9dd4784726f1536c926da7dc69155a57612c5c3c1e1b429c367a5eee67cf

​

​

Notes

The Payload-Signature value is case sensitive and must be sent in lower case.

In case the jsonPayload value is empty, use an empty string instead.

The jsonPayload should be converted to UTF-8 before hashing it to prevent Invalid Signature error when sending characters with different encodings.

​

Examples

Check the examples below on how to calculate the Payload-Signature.

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.net.util.Base64;

String json_payload = "{ \"login\": \"cashout_API_Key\", \"pass\": \"cashout_API_Passphrase\",   \"external_id\": \"123456789\",  \"document_id\": \"1234567899\",  \"document_type\": \"\",   \"cashout_type\": \"BANK\", \"beneficiary_name\": \"Test User\", \"beneficiary_lastname\": \"Test User\",  \"country\": \"MX\",  \"amount\": 2000,  \"currency\": \"MXN\",  \"email\": \"test@test.com\", \"notification_url\": \"http:\\/\\/onekeypayments.com\\/notification\",  \"bank_code\": \"072\",\"bank_branch\": \"\",  \"bank_account\": \"1234567890\", \"account_type\": \"C\", \"address\": \"\"}";
String secretKey = "cashout_secret_key";
Mac hasher = Mac.getInstance("HmacSHA256");
hasher.init(new SecretKeySpec(secretKey.getBytes(), "HmacSHA256"));
String payload_signature = Base64.encodeBase64String(hasher.doFinal(json_payload.getBytes())).toLowerCase();

<?php
$json_payload = '{
"login": "cashout_API_Key",
"pass": "cashout_API_Passphrase",
"external_id": "123456789",
"document_id": "1234567899",
"document_type": "", 
"cashout_type": "BANK",
"beneficiary_name": "Test User",
"beneficiary_lastname": "Test User",
"country": "MX",
"amount": 2000,
"currency": "MXN",
"email": "test@test.com",
"notification_url": "http://www.onekeypayments.com/notification",
"bank_code": "072",
"bank_branch": "",
"bank_account": "1234567890",
"account_type": "C",
"address": ""
}';
$secretKey = "cashout_secret_key";
$payload_signature = strtolower(hash_hmac('sha256', pack('A*', $json_payload), pack('A*', $secretKey)));
?>

using System;
using System.Text;
using System.Security.Cryptography;

string jsonPayload = "{ \"login\": \"cashout_API_Key\", \"pass\": \"cashout_API_Passphrase\",   \"external_id\": \"123456789\",  \"document_id\": \"1234567899\",  \"document_type\": \"\",   \"cashout_type\": \"BANK\", \"beneficiary_name\": \"Test User\", \"beneficiary_lastname\": \"Test User\",  \"country\": \"MX\",  \"amount\": 2000,  \"currency\": \"MXN\",  \"email\": \"test@test.com\", \"notification_url\": \"http:\\/\\/www.onekeypayments.com\\/notification\",  \"bank_code\": \"072\",\"bank_branch\": \"\",  \"bank_account\": \"1234567890\", \"account_type\": \"C\", \"address\": \"\"}";
string secretKey = "cashout_secret_key";        
byte[] keyByte = new ASCIIEncoding().GetBytes(secretKey);
byte[] jsonPayloadBytes = new ASCIIEncoding().GetBytes(jsonPayload);
byte[] hashmessage = new HMACSHA256(keyByte).ComputeHash(jsonPayloadBytes);
string payloadSignature = BitConverter.ToString(hashmessage).Replace("-", "").ToLower();

PreviousTechnical and Security AspectsNextEndpoints

Last updated 1 year ago