Authentication & Signature

The CentPay Merchant API uses HMAC SHA256 signature-based authentication to ensure secure communication between merchants and the API.

Required Headers

All API requests must include the following headers:

Header Description
x-public-key Merchant API Key
x-timestamp Unix timestamp in milliseconds
x-signature HMAC SHA256 signature

Signature Generation

Signature is generated using:

Formula 
HMAC_SHA256(secret_key, raw_body + "|" + timestamp)

Steps

  1. Convert request body to compact JSON
  2. Generate timestamp in milliseconds
  3. Create message:
    Message 
    raw_body + "|" + timestamp
  4. Generate HMAC SHA256 using your secret key

Node.js Example

Node.js 
const crypto = require("crypto");

function generateSignature(body, secret, timestamp) {
  const rawBody = JSON.stringify(body);
  const message = `${rawBody}|${timestamp}`;
  return crypto
    .createHmac("sha256", secret)
    .update(message)
    .digest("hex");
}
Previous Base URL
Next Deposit API