All requests to the Payouts API must be signed and the signature included in the Payload-Signature request header for them to be accepted.

Signature

How does it work

The signature must be calculated using the request payload as the data to be hashed and the merchant secret key as the hashing key, using the HMAC SHA256 algorithm. The resulting signature should be provided to the Payouts API in hexadecimal lowercase format.

Signature calculation example

The following PHP code snippet describes an example signature calculation:

$secretKey = 'xxxxxxxxxxx';
$requestPayload = { … }
$signature = hash_hmac('sha256', $requestPayload, $secretKey, false)

Do not forget to use your Secret key for masking your signature. Read more information in the Get your API test credentials section.

ℹ️
Signature testing
We strongly suggest testing your generated signature by using the Get Exchange Rate call, to make sure your signature is working before moving forward with the integration.

Security

Signature

How does it work

Signature calculation example

ℹ️
Signature testing

Signature

How does it work

Signature calculation example

ℹ️Signature testing

ℹ️
Signature testing