API Reference

How to generate API x-signature

This page guides you on how to generate signature for api calls.

Generating API Signature

Follow these steps to generate an API signature for authenticating requests:

  1. Concatenate Values: Concatenate the API key, HTTP method, request URI, and request timestamp into a single string.
  2. Convert to Lowercase: Convert the concatenated string to lowercase to ensure consistency in hashing.
  3. Hash and Encode: Encrypt the lowercase string using SHA-256 with your secret key and encode the result into Base64 format.
  4. Combine the signature: Combining the signature with apikey:signature:timestamp.

Example

Sample Values:

  • API Key: api_key1
  • HTTP Method: POST
  • Request URI: https://paymentapi.bitzaro.com/widget
  • Request Timestamp: 1685449937 (in seconds)
  • Secret Key: secret_key1

Steps using the sample values:

  1. Concatenated String: api_key1POSThttps://paymentapi.bitzaro.com/widget1685449937
  2. Lowercase String: api_key1posthttps://paymentapi.bitzaro.com/widget1685449937
  3. Hash & Encode the API Signature: JtlEcIaG6QtAnmEe2UBPqf/Bni23eursnrpGq2/GnUs=
  4. Combine the signature: api_key1:JtlEcIaG6QtAnmEe2UBPqf/Bni23eursnrpGq2/GnUs=:1685449937

Using Online Tool

You can use the HMAC-SHA256 Online Tool to compare your output with the generated API signature. Fill in the following details:

  • Plain Text: api_key1posthttps://paymentapi.bitzaro.com/widget1685449937
  • Secret Key: secret_key1
  • Cryptographic Hash Function: SHA-256
  • Output Text Format: Base64

Code Example

const CryptoJS = require('crypto-js');

// Replace these variables with actual values
const apiKey = 'api_key1';
const httpMethod = 'POST';
const requestUri = 'https://paymentapi.bitzaro.com/widget';
const requestTimeStamp = '1685449937';
const secretKey = 'secret_key1';

// Step 1: Concatenate the required values
let rawString = apiKey + httpMethod + requestUri + requestTimeStamp;

// Step 2: Convert the string to lowercase
let lowercaseString = rawString.toLowerCase();

// Step 3: Hash & Encode the API signrature
// - Function to hash the string using SHA-256 and encode in Base64
function hashString(str, secret) {
    return CryptoJS.HmacSHA256(str, secret).toString(CryptoJS.enc.Base64);
}
// - Generate the API signature
const apiSignature = hashString(lowercaseString, secretKey);

// Step 4: Combine the signtaure
const xSignature = `${apiKey}:${apiSignature}:${requestTimeStamp}`;


using System;
using System.Security.Cryptography;
using System.Text;

public class ApiSignatureGenerator
{
    public static string GenerateSignature(string apiKey, string httpMethod, string requestUri, string requestTimeStamp, string secretKey)
    {
        // Step 1: Concatenate the required values
        string rawString = apiKey + httpMethod + requestUri + requestTimeStamp;

        // Step 2: Convert the string to lowercase
        string lowercaseString = rawString.ToLower();

        // Step 3: Hash & Encode: Encrypt the string using SHA-256 and encode into Base64
        return HashHMACSHA256(lowercaseString, secretKey);
    }

    private static string HashHMACSHA256(string message, string secret)
    {
        byte[] keyByte = Encoding.UTF8.GetBytes(secret);
        using (var hmacsha256 = new HMACSHA256(keyByte))
        {
            byte[] messageBytes = Encoding.UTF8.GetBytes(message);
            byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
            return Convert.ToBase64String(hashmessage);
        }
    }

    public static void Main()
    {
        string apiKey = "api_key1";
        string httpMethod = "POST";
        string requestUri = "https://paymentapi.bitzaro.com/widget";
        string requestTimeStamp = "1685449937";
        string secretKey = "secret_key1";

        string apiSignature = GenerateSignature(apiKey, httpMethod, requestUri, requestTimeStamp, secretKey);
        Console.WriteLine("API Signature: " + apiSignature);
    }
}


import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;

public class ApiSignatureGenerator {

    public static String generateSignature(String apiKey, String httpMethod, String requestUri, String requestTimeStamp, String secretKey) throws NoSuchAlgorithmException, InvalidKeyException {
        // Step 1: Concatenate the required values
        String rawString = apiKey + httpMethod + requestUri + requestTimeStamp;

        // Step 2: Convert the string to lowercase
        String lowercaseString = rawString.toLowerCase();

        // Step 3: Hash & Encode: Encrypt the string using SHA-256 and encode into Base64
        return hmacSha256(lowercaseString, secretKey);
    }

    private static String hmacSha256(String value, String key) throws NoSuchAlgorithmException, InvalidKeyException {
        SecretKeySpec secretKeySpec = new SecretKeySpec(key.getBytes(), "HmacSHA256");
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(secretKeySpec);
        byte[] bytes = mac.doFinal(value.getBytes());
        return Base64.getEncoder().encodeToString(bytes);
    }

    public static void main(String[] args) {
        try {
            String apiKey = "api_key1";
            String httpMethod = "POST";
            String requestUri = "https://paymentapi.bitzaro.com/widget";
            String requestTimeStamp = "1685449937";
            String secretKey = "secret_key1";

            String apiSignature = generateSignature(apiKey, httpMethod, requestUri, requestTimeStamp, secretKey);
            System.out.println("API Signature: " + apiSignature);
        } catch (NoSuchAlgorithmException | InvalidKeyException e) {
            e.printStackTrace();
        }
    }
}