Ubitpay API's are protected behind a sign based verification using the HMAC sha256 Algorithm.These are essential for any finance platform as they provide a way to check the integrity of information transmitted over or stored in an unreliable medium.
Script For Generation Sign
Following is JS code for Generating a sign
Copy
import crypto from 'crypto';
export class HmacUtil {
static hmac256(key:string, msg:string) {
const mac = crypto.createHmac('sha256', key);
const data = mac.update(msg).digest('hex').toLowerCase();
return data;
}
static getStringToSign(body: Record<string, any> ,nonce:string,timestamp:string , reqMethod:string, requestURI:string) {
const treeMap = new Map(Object.entries(body).sort());
let s2s = '';
for (const [k, v] of treeMap) {
if (!k || typeof v === 'object') {
continue;
}
if (v !== null && v !== undefined && String(v)) {
s2s += ${k}=${v}&;
}
}
const bodyString = s2s.slice(0, -1);
const CotentMd5 = crypto.createHash('md5').update(bodyString).digest('hex');
const stringToSign = reqMethod + '\n' + CotentMd5 + '\n' + requestURI + '\n' + timestamp + '\n' + nonce ;
return stringToSign
}
}
const nonce = '123456';
const timestamp = Date.now();
console.log(timestamp)
const reqMethod = 'POST';
const requestURI = 'http://localhost:8080/api/external/transfer-to-cosmos'; //request endpoint
const str = HmacUtil.getStringToSign({
"email":"utkarsh38200@gmail.com" //user email
}, nonce, timestamp.toString(), reqMethod, requestURI) //call this method for generating the sign to send in the Header
const sign = HmacUtil.hmac256("<secret-key>",str)
const appId = "<app-id>"