Authorization

Type: HMAC Signature

Description: For endpoints requiring auth (POST /invoice, GET /invoices, GET /invoice/:id) Date and Authorization headers with an HMAC signature must be passed:

Date: <UTC date, e.g. Tue, 09 Apr 2025 12:00:00 GMT>
Authorization: HMAC <merchant_id>:<signature>
Signature = Base64(HMAC‑SHA512(secret,method + "\n" + path + "\n" + body + "\n" + date))
method – HTTP method (POST/GET)
path – URI (e.g. /invoice, /invoices)
body – request body (JSON or empty)
date – the Date header
secret – your merchant secret
merchant_id – your ApiKey

Example:

Date: Tue, 09 Apr 2025 12:00:00 GMT
Authorization: HMAC merchant_001:abc123xyz456

Notes:

Signatures valid for 15 minutes
POST /acquire is internal and does not require auth

PreviousSequence Diagram NextAPI Methods

Last updated 7 months ago