Authentication

Integration checklist API Guide Authentication Error Handling Create Payment Create Pay-out Get Transaction Cancel Payment Refund Payment Resend Transaction Create Payment Create One-click Agreement Create One-click Payment Check Transactions Get Balances Webhooks Transactions Statuses
Search Icon
Search Icon Clear Icon

No Results Found

Introduction

Integration checklist API Guide Authentication Error Handling

Transactions

Create Payment Create Pay-out Get Transaction Cancel Payment Refund Payment Resend Transaction

Two Step Transactions

Create Payment

One Click Payments

Create One-click Agreement Create One-click Payment

Information

Check Transactions Get Balances Webhooks Transactions Statuses

HMAC+SHA* or RSA+SHA* algorithms are used for request and response signing using an API key. Generated signature should be wrapped in Base64 and provided in a X-Signature HTTP header.

Signature Format

XXX.YYY

where XXX is a Base64-encoded header and YYY is a Base64-encoded content signature.

The header is a JSON packet that contains information required for proper signature generation:

Header

{
"alg": "HS512", // encryption algorithm. One of HS256,HS384,HS512,RS256,RS384,RS512
"key": "OTgxMzI0NjY5OTEyMzQ4", // key id that was used to generate signature
"timestamp": 1540905923 // time of the signature generation in Unix Epoch format
}

The signature generation algorithm for symmetric encryption (using shared key):

Header

StringToSign =
request.method + // HTTP method from the request GET|POST|PUT|PATCH|DELETE etc
request.path + // path part of the request
request.queryString + // query string of the request
request.timestamp.toString() + // string representation of header.timestamp
Base64Encode(Base64Encode(SHA(removeEscapeSequenceAndWhitespace(request.payload)))), // Base64-encoded SHA hash of whitespace-cleaned request.payload
EscapeSequenceAndWhitespace refer to any of this characters
private static final Set REPLACEMENTS = new HashSet<>(Arrays.asList(
'\n', /* \u000a: linefeed LF */
'\r', /* \u000d: carriage return CR */
'\b', /* \u0008: backspace BS */
'\f', /* \u000c: form feed FF */
'\t', /* \u0009: horizontal tab HT */
' '
));

HMAC

Security Scheme Type API Key
Header parameter name: X-Signature

Session

Security Scheme Type API Key
Header parameter name: X-Auth-Token

Official media partner

Official travel partner

Apple Google Play
Join us on Social Media Join us on Social Media Join us on Social Media
Luxon Pay 2023 © | All rights reserved

Luxon and Luxon Pay are trading names of Luxon Pay Ltd, a company registered in Calgary, AB, Canada (No. 2024517852), with its registered office at Bow Valley Square 3, 490, 205 – 5 Avenue SW, Calgary, Alberta, T2P 2V7, Canada. Luxon Pay Ltd is authorised by FINTRAC as a Money Service Business (MSB No. M22974394). Terms and Conditions apply.