Cryptopay API
  • Welcome
  • Guides
    • Introduction
    • Environments
    • Creating a Test Account
    • API Credentials
    • API Basics
      • Responses
      • Date formats
      • Authentication
        • How it works
        • Signature
        • Creating a signature. Code samples
      • Callbacks
    • API Client Libraries
    • API Reference
    • Cryptocurrency Payments
    • Currencies
      • Supported Currencies
      • Currency Icons
    • Confirmations
    • Tools for accepting payments
    • Prebuilt integrations
      • E-commerce payment plugins
      • Payment and software providers
    • Channels
      • Channel payment
      • Payment statuses
      • Channel payment sequence
      • Create a Channel
      • Visual representation at Cashier
      • Channel hosted page
      • Channel payment callbacks
    • Invoices
      • Invoice statuses
      • Invoice payment sequence
      • How to handle unresolved invoices
        • Underpaid
        • Overpaid
        • Paid late
        • Illicit resource
        • Invoice refunds sequence
      • Create an invoice
      • Visual presentation at Cashier
      • Invoice hosted page
      • Online checkout
        • How-to
      • Payment links
      • Invoice callbacks
    • Payouts
      • Payout statuses
      • Payout sequence
      • Payout fees consideration
        • Network fees
      • Create a Coin Withdrawal
        • Possible errors
        • Withdrawals from fiat accounts
        • Withdrawals from cryptocurrency accounts
        • high_risk_address error message
      • Visual representation at Cashier
      • Minimum transaction amount
      • Coin Withdrawal callbacks
      • Travel Rule Compliance
    • Email Billing
      • Create an email billing
      • Email billing callbacks
    • Testing
      • Channels
      • Invoices
      • Payouts
    • Risks
    • Customers
    • Transactions types and Statuses
Powered by GitBook
On this page
  1. Guides
  2. API Basics
  3. Authentication

Signature

The Signature is the RFC 2104 HMAC-SHA1, of selected elements from the request, and so the Signature part of the Authorization header will vary from request to request.

Component

Description

HTTP method

GET, POST, PUT, PATCH

MD5 hash sum of the string with JSON-serialized parameters

If there are no parameters in the request body (e.g. GET), you then need to place just an empty string "" as there is nothing to hash. Do not hash an empty string.

Content-Type

application/json

Date

Request URI

Everything that is after the base URL e.g. /api/invoices

Here is a piece of pseudo-code that demonstrates the Authorization header construction. \n means the Unicode code point U+000A, commonly called a newline:

StringToSign = HTTP-Verb + “\n” +
   Content-MD5 + “\n” +
   Content-Type + “\n” +
   Date + “\n” +
   Path

Signature = Base64( HMAC-SHA1( Api.secret, UTF-8-Encoding-Of( StringToSign ) ) );

Authorization = "HMAC " + Api.key + “:” + Signature;

So this should look like the Authorization header below:

curl -X POST \
  https://business-sandbox.cryptopay.me/api/invoices \
  -H 'Authorization: HMAC DjlHuWlApznJ7vrhPBL0fA:N2eEvkJQ07EpFau90pL5xMpBO3g=' \
  -H 'Content-Type: application/json' \
  -H 'Date: Tue, 25 Sep 2018 17:41:40 GMT' \
  -d '{"price_amount":"100","price_currency":"EUR","pay_currency":"BTC"}'

Make sure that the date used for signature is the same you put in the Date header

PreviousHow it worksNextCreating a signature. Code samples

Last updated 9 months ago

format e.g. Tue, 15 Nov 1994 08:12:31 GMT. The time offset is 15 minutes

HTTP-date