API Reference
Start typing to search…

Authentication

The mechanism of authorization of queries in Coin Accepted system is exactly the same like in .

To perform a valid authentication you need to use API public and secret keys to generate a sign. You can generate keys by going to the Pages tab under the Management section, and then click Add Store.

The generated pair of keys will only support a specific store and for each store, you should generate them separately.

The parameters must be sent in JSON format which allows you to generate a hash.

In order to correctly execute a query for any method, the following authorization parameters must be present in the header:

Header

Description

API-Key

Public API key.

API-Hash

HMAC("SHA512", public_key + current_timestamp + JSON_body_parameters, private_key)

operation-id

One time, randomly generated UUID.

Request-Timestamp

Current time in the UNIX Timestamp format. The same value must be used to generate the hash.

Content-Type

Two-part identifier of the file format, by default: application/json.

API-Hash is HMAC based hash generated for body parameters using SHA512 algorithm and your private key to sign. It contains following data:

  • Public key
  • Current timestamp of operation
  • Body parameters in JSON format
  • Private key to sign (in some libraries it is an additional parameter)

Example authorization headers and generation in NodeJS:

API-Key: 12345f6f-1b1d-1234-a973-a10b1bdba1a1
API-Hash:
8892f16e0713c5f3e3d7e9fa26c5a5f2817b09fc48fece72ed5712ae33547c92e91e735b
1818397136beea760efae61d1449a93e48ee2f80789dfa24830ef720
operation-id: 78539fe0-e9b0-4e4e-8c86-70b36aa93d4f
Request-Timestamp: 1529897422
Content-Type: application/json
'use strict'
const uuidv4 =  require (  'uuid/v4' );
const crypto = r
 equire (  'crypto' );
const​ apiKey =  '48249e33-fbad-4805-a752-a82fe216e933' ;
const​ apiSecret =  '12cd3901-1d4f-4b24-82ef-fbbc36638b7c' ;
var body =  null ;
function  getHash (apiKey, timestamp, apiSecret, body) {
 const hmac = crypto.createHmac( 'sha512' , apiSecret);
 if (body)
hmac.update(apiKey + timestamp +  JSON .stringify(body));
 else
hmac.update(apiKey + timestamp);
 return hmac.digest( 'hex' );
};
let timestamp =  Date .now();
var headers = {
 'API-Key' : apiKey,
 'API-Hash' : getHash(apiKey, timestamp, apiSecret, body),
 'operation-id' : uuidv4(),
 'Request-Timestamp' : timestamp,
 'Content-Type' :  'application/json'
};