# Authentication

All API requests will require you to pass an Authorization bearer token and `MONI-SIGNATURE` in the header.

The Authorization bearer token value will be your ***`access_token.`*** You can get your access token value from your dashboard.

The value of `MONI-SIGNATURE` will be a combination of the ***`tribe_account_ref`***`,` ***`public_key,`*** and ***`merchant_private_key`***. This is to verify the source sending the request.

The value will be gotten after combining the above parameters using a standard **HMAC-SHA256** keyed hash.

To form the `MONI-SIGNATURE` see sample code below.

{% tabs %}
{% tab title="Python" %}

```
import hmac 
import hashlib 
import six
message = tribe_account_ref + public_key 
final_hex = hmac.new(six.b(merchant_private_key), msg=message.encode('UTF-8'), digestmod=hashlib.sha256).hexdigest()
return final_hex
```

{% endtab %}

{% tab title="JS" %}

```
const tribe_account_ref = "tribe-account-ref-value";
const public_key = "your-public-key-value";
const merchant_private_key = "your-private-key-value";

let hmac = crypto.createHmac("sha256", merchant_private_key);
//passing the data to be hashed
let digest_msg = tribe_account_ref + public_key;
let data = hmac.update(digest_msg);
//Creating the hmac in the required format
let moni_signature = data.digest("hex");

console.log("moni_signature: ", moni_signature);
```

{% endtab %}

{% tab title="C#" %}

```
using System;
using System.Security.Cryptography;
using System.Text;

public class HmacSha256SignatureGenerator
{
    public static string GenerateSignature(string secret, string digest)
    {
        byte[] keyBytes = Encoding.UTF8.GetBytes(secret);
        byte[] digestBytes = Encoding.UTF8.GetBytes(digest);

        using (var hmac = new HMACSHA256(keyBytes))
        {
            byte[] signatureBytes = hmac.ComputeHash(digestBytes);
            string signature = BitConverter.ToString(signatureBytes).Replace("-", "").ToLower();
            return signature;
        }
    }
}

public class Program
{
    public static void Main(string[] args)
    {
        string merchantPrivateKey = "your_merchant_private_key";
        string tribeAccountRef = "your_tribe_account_ref";
        string publicKey = "your_public_key";
        string digest = $"{tribeAccountRef}{publicKey}";
        string signature = HmacSha256SignatureGenerator.GenerateSignature(merchantPrivateKey, digest);
        Console.WriteLine($"HMAC-SHA256 Signature: {signature}");
    }
}

```

{% endtab %}

{% tab title="PHP" %}

```
function generateSignature($secret, $digest) {
    $signature = hash_hmac('sha256', $digest, $secret);
    return $signature;
}

$merchantKey = 'your_merchant_key';
$tribeAccountRef = 'your_tribe_account_ref';
$publicKey = 'your_public_key';

$digest = $tribeAccountRef . $publicKey;

$signature = generateSignature($merchantKey, $digest);

echo "HMAC-SHA256 Signature: " . $signature;
```

{% endtab %}

{% tab title="Java" %}

```
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;

public class HmacSha256SignatureGenerator {
    public static String generateSignature(String secret, String digest) throws NoSuchAlgorithmException, InvalidKeyException {
        Mac hmacSha256 = Mac.getInstance("HmacSHA256");
        SecretKeySpec keySpec = new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256");
        hmacSha256.init(keySpec);
        byte[] signatureBytes = hmacSha256.doFinal(digest.getBytes(StandardCharsets.UTF_8));
        StringBuilder signatureBuilder = new StringBuilder();
        for (byte b : signatureBytes) {
            String hex = String.format("%02x", b);
            signatureBuilder.append(hex);
        }
        return signatureBuilder.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException, InvalidKeyException {
        String merchantKey = "your_merchant_key";
        String tribeAccountRef = "your_tribe_account_ref";
        String publicKey = "your_public_key";

        String digest = tribeAccountRef + publicKey;

        String signature = generateSignature(merchantKey, digest);

        System.out.println("HMAC-SHA256 Signature: " + signature);
    }
}

```

{% endtab %}

{% tab title="Ruby" %}

```
require 'openssl'

def generate_signature(secret, digest)
  hmac = OpenSSL::HMAC.hexdigest(OpenSSL::Digest.new('sha256'), secret, digest)
  hmac
end

merchant_key = 'your_merchant_key'
tribe_account_ref = 'your_tribe_account_ref'
public_key = 'your_public_key'

digest = tribe_account_ref + public_key

signature = generate_signature(merchant_key, digest)

puts "HMAC-SHA256 Signature: #{signature}"

```

{% endtab %}
{% endtabs %}

```json
headers = {
        'Authorization': 'Bearer xhscIjHgpm2ZiPjzKos4ivl4GhyZp5',
        'Content-Type': 'application/json',
        'moni-signature': 'wed332eeddrdbdbdbdbvdvdvdvvsbsvsd'
}
```