Comment on page
How it works
The following describes steps, required to authenticate request signature using HMAC-SHA1:
- 1.You construct an API request (for API calls)
- 2.You calculate a keyed-hash message authentication code (HMAC-SHA1) signature using your API secret
- 3.You include both the API key and the signature in the
Authorizationheader, and then call the API - 4.The API uses your API key to look up your API secret
- 5.The API reconstructs the signature from the request data and the API secret with the same algorithm you used to calculate the signature you sent in the request
- 6.If the signature generated by Cryptopay matches the one you sent in the request, the request is considered authentic. If the comparison fails the request is discarded and Cryptopay returns
401or403error responses:
401
403
{
"error": {
"code": "unauthenticated",
"message": "unauthenticated",
"details": []
},
"meta": {
"request_id": "932e4625b1735951f471cb7e7d3dab6e"
}
}
{
"error": {
"code": "unauthorized",
"message": "unauthorized",
"details": []
},
"meta": {
"request_id": "932e4625b1735951f471cb7e7d3dab6e"
}
}
Last modified 1yr ago