Learn how to calculate and send the Signature header value to verify requests integrity
Calculating the Signature
All the calls to our Deposits APIs will contain an Authorization field on the header used to ensure request integrity and to authenticate yourself since you will use your own secret key (API Signature) to generate and encrypt a hash.
It has to be created using HMAC-SHA-256 (RFC 2104) encoding and the payload must include the following details:
The X-Login is your login API Key, it can be retrieved from the Merchant Panel by going to Settings -> API Access -> Deposit credentials -> API Key.
The X-Date is the date in ISO8601 Datetime with Timezone. Format expected: ISO8601 Datetime with Timezone: yyyy-MM-dd'T'HH:mm:ssZ. E.g.: 2020-06-21T12:33:20Z.
The Authorization value is case sensitive and must include all the above mentioned values.
The JSONPayload is the exact same JSON you sent in the body of the request.
In case the JSONPayload value is empty (for example in the status or payment methods endpoints), use an empty string ("") instead.
The JSONPayload should be converted to UTF-8 before hashing it to prevent Invalid Signature error when sending characters with different encodings.
Examples
Check the examples in the different languages on how to properly calculate the Signature.
You can also check the code of our SDKs in Java and PHP to see how it is calculated.
<?phpclassDirecta24Example {const D24_AUTHORIZATION_SCHEME ="D24 ";const HMAC_SHA256 ='sha256';publicstaticfunctionbuild_deposit_key_signature($api_signature, $x_date, $deposits_api_key, $json_payload) {// Concatenate the content of the header X-Date, your deposits API Key (X-Login) and // the whole JSON payload of the body of the request $string = $x_date . $deposits_api_key . $json_payload;// Generate the HASH by using yur own deposits API Signature and // concatenate "D24 " in front of the hashreturnself::D24_AUTHORIZATION_SCHEME .hash_hmac(self::HMAC_SHA256, $string, $api_signature); }}