Required headers
Each request must include three required headers:
X-Timestamp | Unix timestamp in seconds |
X-Signature | HMAC-SHA256 request signature in hex format |
X-Client-Id | Your merchant ID |
Signature generation
The signature is generated from the timestamp and request body.
Format:
{timestamp}.{canonicalBody}
Format description
timestamp | Current Unix time in seconds |
canonicalBody | JSON request body converted to canonical format |
Signature algorithm:
Important requirements:
Examples:
Authorization errors
401 Invalid X-Timestamp
{
"status": 401,
"message": "Invalid X-Timestamp"
}401 Expired X-Timestamp
{
"status": 401,
"message": "Expired X-Timestamp"
}401 Invalid X-Signature
{
"status": 401,
"message": "Invalid X-Signature"
}401 Invalid token
{
"status": 401,
"message": "Invalid token"
}401 Merchant secret not configured
{
"status": 401,
"message": "Merchant secret not configured"
}500 Internal Server Error
{
"status": 500,
"message": "Internal Server Error"
}