• Integration checklist
  • API Guide
  • Authentication
  • Error Handling
  • Transactions
  • Create Payment
  • Create Pay-out
  • Get Transaction
  • Cancel Payment
  • Refund Payment
  • Resend Transaction
  • Two Step Transactions
  • Create Payment
  • One Click Payments
  • Create One-click Agreement
  • Create One-click Payment
  • Information
  • Check Transactions
  • Get Balances
  • Webhooks
  • Transactions Statuses


HMAC+SHA* or RSA+SHA* algorithms are used for request and response signing using an API key. Generated signature should be wrapped in Base64 and provided in a X-Signature HTTP header.

Signature Format


where XXX is a Base64-encoded header and YYY is a Base64-encoded content signature.

The header is a JSON packet that contains information required for proper signature generation:


"alg": "HS512", // encryption algorithm. One of HS256,HS384,HS512,RS256,RS384,RS512
"key": "OTgxMzI0NjY5OTEyMzQ4", // key id that was used to generate signature
"timestamp": 1540905923 // time of the signature generation in Unix Epoch format

The signature generation algorithm for symmetric encryption (using shared key):


header.alg( // apply signing algorithm from the header
getSecretById(header.key) // returns a shared secret key with id=header.key for HS* algorithms and private key for RS* algorithms

StringToSign =
request.method + // HTTP method from the request GET|POST|PUT|PATCH|DELETE etc
request.path + // path part of the request
request.queryString + // query string of the request
request.timestamp.toString() + // string representation of header.timestamp
Base64Encode(SHA(removeWhitespace(request.payload))), // Base64-encoded SHA hash of whitespace-cleaned request.payload


Security Scheme Type API Key
Header parameter name: X-Signature


Security Scheme Type API Key
Header parameter name: X-Auth-Token