How to make safe payment requests.
All requests to the Payouts API must be signed, and the signature must be included in the Payload-Signature request header for the request to be accepted.
Signature
How does it work
The signature must be calculated using the request payload as the data to be hashed and the merchant secret key as the hashing key, using the HMAC SHA256 algorithm. The resulting signature should be provided to the Payouts API in hexadecimal lowercase format.
Signature calculation example
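The following PHP code snippet shows an example signature calculation:
// Merchant secret key from your API credentials (placeholder value).
$secretKey = 'xxxxxxxxxxx';
// Raw request body as a string, exactly as it will be sent.
$requestPayload = '{ … }';
// HMAC SHA256 over the payload; false returns lowercase hexadecimal output.
$signature = hash_hmac('sha256', $requestPayload, $secretKey, false);
Remember to use your Secret key as the hashing key when calculating your signature. For more information, see the Get your API test credentials section.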
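The following is an added example, not code from the Payouts API documentation. It serializes the body once, signs exactly those bytes, and runs a local self-check showing that a re-serialized body or an uppercase signature no longer matches. The function names, the secret key, the payload fields and the use of a JSON body are assumptions made for illustration.

```php
<?php
// Added illustration: the key, field names and helper names are constructed.

/** Serialize the payload once and sign exactly the bytes that will be sent. */
function buildSignedRequest(array $payload, string $secretKey): array
{
    $body = json_encode($payload, JSON_UNESCAPED_SLASHES | JSON_THROW_ON_ERROR);
    // binary = false makes hash_hmac return lowercase hexadecimal.
    $signature = hash_hmac('sha256', $body, $secretKey, false);

    return ['body' => $body, 'signature' => $signature];
}

/** Local self-check: recompute over the raw body, compare in constant time. */
function signatureMatches(string $rawBody, string $signature, string $secretKey): bool
{
    // HMAC SHA256 in the required format is 64 lowercase hex characters.
    if (!preg_match('/\A[0-9a-f]{64}\z/', $signature)) {
        return false;
    }
    $expected = hash_hmac('sha256', $rawBody, $secretKey, false);

    return hash_equals($expected, $signature);
}

$secretKey = 'constructed-test-secret';              // constructed sample key
$payload   = ['amount' => '10.00', 'currency' => 'EUR', 'reference' => 'demo-001'];

$request = buildSignedRequest($payload, $secretKey);
$header  = 'Payload-Signature: ' . $request['signature'];
echo $header, PHP_EOL;

// Case 1: the exact bytes that were signed.
var_dump(signatureMatches($request['body'], $request['signature'], $secretKey));

// Case 2: same data, serialized again with different whitespace.
$reserialized = json_encode($payload, JSON_PRETTY_PRINT);
var_dump(signatureMatches($reserialized, $request['signature'], $secretKey));

// Case 3: correct digest, but in uppercase hexadecimal.
var_dump(signatureMatches($request['body'], strtoupper($request['signature']), $secretKey));
```

Send `$request['body']` unchanged as the HTTP body; encoding the payload a second time for the transport layer can produce different bytes than the ones that were signed.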
Signature testing
We strongly suggest testing your generated signature by using the Get Exchange Rate call, to make sure your signature is working before moving forward with the integration.