Authentication
All API requests will require you to pass an Authorization bearer token and MONI-SIGNATURE
in the header.
The Authorization bearer token value will be your access_token.
You can get your access token value from your dashboard.
The value of MONI-SIGNATURE
will be a combination of the tribe_account_ref
,
public_key,
and merchant_private_key
. This is to verify the source sending the request.
The value will be gotten after combining the above parameters using a standard HMAC-SHA256 keyed hash.
To form the MONI-SIGNATURE
see sample code below.
import hmac
import hashlib
import six
message = tribe_account_ref + public_key
final_hex = hmac.new(six.b(merchant_private_key), msg=message.encode('UTF-8'), digestmod=hashlib.sha256).hexdigest()
return final_hex
const tribe_account_ref = "tribe-account-ref-value";
const public_key = "your-public-key-value";
const merchant_private_key = "your-private-key-value";
let hmac = crypto.createHmac("sha256", merchant_private_key);
//passing the data to be hashed
let digest_msg = tribe_account_ref + public_key;
let data = hmac.update(digest_msg);
//Creating the hmac in the required format
let moni_signature = data.digest("hex");
console.log("moni_signature: ", moni_signature);
using System;
using System.Security.Cryptography;
using System.Text;
public class HmacSha256SignatureGenerator
{
public static string GenerateSignature(string secret, string digest)
{
byte[] keyBytes = Encoding.UTF8.GetBytes(secret);
byte[] digestBytes = Encoding.UTF8.GetBytes(digest);
using (var hmac = new HMACSHA256(keyBytes))
{
byte[] signatureBytes = hmac.ComputeHash(digestBytes);
string signature = BitConverter.ToString(signatureBytes).Replace("-", "").ToLower();
return signature;
}
}
}
public class Program
{
public static void Main(string[] args)
{
string merchantKey = "your_merchant_key";
string tribeAccountRef = "your_tribe_account_ref";
string publicKey = "your_public_key";
string digest = $"{tribeAccountRef}{publicKey}";
string signature = HmacSha256SignatureGenerator.GenerateSignature(merchantKey, digest);
Console.WriteLine($"HMAC-SHA256 Signature: {signature}");
}
}
function generateSignature($secret, $digest) {
$signature = hash_hmac('sha256', $digest, $secret);
return $signature;
}
$merchantKey = 'your_merchant_key';
$tribeAccountRef = 'your_tribe_account_ref';
$publicKey = 'your_public_key';
$digest = $tribeAccountRef . $publicKey;
$signature = generateSignature($merchantKey, $digest);
echo "HMAC-SHA256 Signature: " . $signature;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
public class HmacSha256SignatureGenerator {
public static String generateSignature(String secret, String digest) throws NoSuchAlgorithmException, InvalidKeyException {
Mac hmacSha256 = Mac.getInstance("HmacSHA256");
SecretKeySpec keySpec = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
hmacSha256.init(keySpec);
byte[] signatureBytes = hmacSha256.doFinal(digest.getBytes(StandardCharsets.UTF_8));
StringBuilder signatureBuilder = new StringBuilder();
for (byte b : signatureBytes) {
String hex = String.format("%02x", b);
signatureBuilder.append(hex);
}
return signatureBuilder.toString();
}
public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
String merchantKey = "your_merchant_key";
String tribeAccountRef = "your_tribe_account_ref";
String publicKey = "your_public_key";
String digest = tribeAccountRef + publicKey;
String signature = generateSignature(merchantKey, digest);
System.out.println("HMAC-SHA256 Signature: " + signature);
}
}
require 'openssl'
def generate_signature(secret, digest)
hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, digest)
hmac
end
merchant_key = 'your_merchant_key'
tribe_account_ref = 'your_tribe_account_ref'
public_key = 'your_public_key'
digest = tribe_account_ref + public_key
signature = generate_signature(merchant_key, digest)
puts "HMAC-SHA256 Signature: #{signature}"
headers = {
'Authorization': 'Bearer xhscIjHgpm2ZiPjzKos4ivl4GhyZp5',
'Content-Type': 'application/json',
'moni-signature': 'wed332eeddrdbdbdbdbvdvdvdvvsbsvsd'
}
Last updated