IDRX Documentation
  • Introduction
    • IDRX Whitepaper
    • Supported Chain and Contract Address
  • IDRX Account
    • Create Account
    • Sign In
    • Forgot Password
    • Account Verification (KYC)
    • Business Account
  • Services
    • Mint IDRX
    • Redeem IDRX
    • Bridge IDRX
    • Get Other Tokens
    • Redeem Other Stablecoin
    • Fees
  • API
    • Getting Started
    • Generating a Signature
    • Onboarding API
      • POST /api/auth/onboarding
      • GET /api/auth/members
      • POST /api/auth/add-bank-account
      • GET /api/auth/get-bank-accounts
      • DELETE /api/auth/delete-bank-account/:bankId
    • Transaction API
      • POST /api/transaction/mint-request
      • POST /api/transaction/redeem-request
      • POST /api/transaction/bridge-request
      • GET /api/transaction/method
      • GET /api/transaction/user-transaction-history
      • GET /api/transaction/rates
      • GET /api/transaction/get-additional-fees
  • Smart Contract
    • Staking
      • Staking Type
      • Staking IDRX
      • Claim Staking Reward
      • Unbond Staked IDRX
      • Claim Unbonded IDRX
      • Claim Principal and Staking Rewards
      • Application Binary Interface
  • Integration
    • Overview
    • Onboarding a new user
    • Managing bank accounts
    • Processing mint requests
      • Getting other tokens
    • Processing redeem requests
      • Redeeming from other tokens
Powered by GitBook
On this page
  • 1. Prepare Input Parameters
  • 2. Decode the Secret Key
  • 3. Create HMAC Instance
  • 4. Generate HMAC Digest
  • 5. Encode the Digest
  • Code Example (TypeScript)
  1. API

Generating a Signature

In order to authorize your API requests, the system requires a SHA-256 hash of the payload as a signature. This signature serves as a digital seal, guaranteeing the integrity and origin of the data being transmitted.

These steps can be applied to various programming languages, as the underlying HMAC-SHA256 concept remains the same. However, please note that the specific implementation details might vary based on the programming language used.

1. Prepare Input Parameters

Gather the components of the API request that need to be included in the signature:

  • method: The HTTP method of the API request (e.g., 'GET', 'POST').

  • url: The URL of the API endpoint.

  • bodyBuffer: a JSON string payload, which is converted into a Buffer.

  • timestamp: A timestamp indicating when the request is being made (in miliseconds).

  • secretKey: A secret key used for HMAC-SHA256 encryption.

2. Decode the Secret Key

Decode the base64-encoded secretKey to obtain the original secret.

3. Create HMAC Instance

Concatenate the components of the request in this order into a single string.

  1. method,

  2. URL,

  3. timestamp,

  4. and the request body.

Create an HMAC instance using the SHA-256 hash algorithm and the secret key. Pass the string into the HMAC instance.

4. Generate HMAC Digest

Generate the HMAC digest by finalizing the HMAC computation. This step produces a binary hash.

5. Encode the Digest

Encode the binary hash into a string representation. The encoding format should be a base64Url.

Code Example (TypeScript)

The following is an example code implementation using Typescript:

import * as crypto from 'crypto';

function atob(str: string) {
  return Buffer.from(str, 'base64').toString('binary');
}

export function createSignature(
  method: string,
  url: string,
  body: any,
  timestamp: string,
  secretKey: string,
) {
  const bodyBuffer = Buffer.from(JSON.stringify(body));

  const secret = atob(secretKey);

  const hmac = crypto.createHmac('sha256', secret);
  hmac.update(timestamp);
  hmac.update(method);
  hmac.update(url);

  if (bodyBuffer != null) {
    hmac.update(bodyBuffer);
  }

  const hash = hmac.digest();
  const signature = hash.toString('base64url');

  return signature;
}

You're all set. Include the generated signature in the API request headers.

PreviousGetting StartedNextOnboarding API

Last updated 1 year ago

Page cover image