Authentication

Paynetics API uses HMAC authentication methodology.

To authenticate your API Request to Paynetics you need to provide the following elements in the header of your request:

x-api-key : Key provided by Paynetics.

x-timestamp : Current UNIX timestamp.

x-hash : HMAC sha256.

* Use secret key* for hash vector. Body of the hash is formed by concatenating:

API Key + Timestamp + Operation + Content Body

* (Required: POST+PUT request)

Important:

Body content whitespaces will be omitted when comparing hashes!
Request is valid for 15 seconds after hash generation!

{ " name ": " Paynetics " } will be {"name":"Paynetics"}

For example if request timestamp is 1591096701 and current timestamp is 1591096720 request will not be authorized!

To exchange API key and secret Paynetics require public PGP key.

NOTE: Attach example postman authentication.

SECRET KEY

Provided by Paynetics. Keys should be kept secure to ensure your data stay safe. Never share them publicly.

Hash Generation Examples:

GET REQUEST

HMAC_SHA256 with API Secret of 07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941cards_list

POST REQUEST

Complete POST body which is sent HMAC_SHA256 with API Secret of 07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941init_web{"openBankAccount":true,"issueCard":true}

PUT REQUEST

Complete PUT body which is sent HMAC_SHA256 with API Secret of 07364675-5b2a-4d35-bd2c-b93e696aa53f1625399941init_web{"name":"Paynetics"}