Required headers
Setiap request harus berisi tiga header wajib:
X-Timestamp | Unix timestamp dalam detik |
X-Signature | Tanda tangan request HMAC-SHA256 dalam format hex |
X-Client-Id | ID merchant Anda |
Signature generation
Tanda tangan dibuat berdasarkan timestamp dan body request.
Format:
{timestamp}.{canonicalBody}
Format description
timestamp | Waktu Unix saat ini dalam detik |
canonicalBody | Body JSON request yang dikonversi ke format canonical |
Algoritma tanda tangan:
Persyaratan penting:
Contoh:
Authorization errors
401 Invalid X-Timestamp
{
"status": 401,
"message": "Invalid X-Timestamp"
}401 Expired X-Timestamp
{
"status": 401,
"message": "Expired X-Timestamp"
}401 Invalid X-Signature
{
"status": 401,
"message": "Invalid X-Signature"
}401 Invalid token
{
"status": 401,
"message": "Invalid token"
}401 Merchant secret not configured
{
"status": 401,
"message": "Merchant secret not configured"
}500 Internal Server Error
{
"status": 500,
"message": "Internal Server Error"
}