🔑API credentials
Obtaining API Keys
In order to interact with the LegranPay API you need to have the credentials that you can find in the Settings section
Authorization
LegranPay API user authorization is done via sending two headers:
X-MERCHANT-KEY - A public key, that can be obtained from the backoffice, Settings section.
X-MERCHANT-SIGNATURE - The POST request body signed by a secret key using the HMAC-SHA512 hash function. The secret key can be also obtained backoffice, Settings section.
Example of create and validate the signature in Typescript
import { createHmac } from 'crypto';
/**
* Create signature
*
* @param {*} data
* @param {string} secretKey
* @return {*} {string}
*/
function createSignature(data: any, secretKey: string): string {
// Sort by key
const sortedData = Object.fromEntries(Object.entries(data).sort());
// Encrypt in HMAC-SHA512
return createHmac('sha512', secretKey)
.update(sortedData)
.digest('hex');
}
/**
* Validate signature
*
* @param {*} data
* @param {string} requestSignature
* @param {string} secretKey
* @return {*} {boolean}
*/
function validateSignature(data: any, requestSignature: string, secretKey: string): boolean {
// Generate signature
const currentSignature: string = createSignature(data, secretKey);
// Compare and return
return currentSignature === requestSignature;
}...
let bodyParams = { ... };
const signature: string = createSignature(bodyParams, secretKey);
...Last updated